Issued:: 2024-02-20
Updated:: 2024-02-20

RHSA-2024:0889 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: oniguruma security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for oniguruma is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Oniguruma is a regular expressions library that supports a variety of character encodings.

Security Fix(es):

oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)
oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

BZ - 1728970 - CVE-2019-13224 oniguruma: Use-after-free in onig_new_deluxe() in regext.c
BZ - 1768997 - CVE-2019-16163 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
BZ - 1802051 - CVE-2019-19012 oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read
BZ - 1802061 - CVE-2019-19203 oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
BZ - 1802068 - CVE-2019-19204 oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
oniguruma-6.8.2-2.1.el8_9.src.rpm	SHA-256: e74d828539753e82a21a7966f1d61a41660276dd5a37264991bb58556289c6de
x86_64
oniguruma-6.8.2-2.1.el8_9.i686.rpm	SHA-256: 19ac9c85d6896d26c0cb8dc046ca2a1565ee4d864afc3fb050833bd29cf70c19
oniguruma-6.8.2-2.1.el8_9.x86_64.rpm	SHA-256: a3ea55c425337d9bf906d4a85bfa8131c8c5525294c4686457bbdd31f164afae
oniguruma-debuginfo-6.8.2-2.1.el8_9.i686.rpm	SHA-256: a7b2b643f92387a1e3fd5318aee7caacbd92712537ff1acbe22cf1559b0c1e63
oniguruma-debuginfo-6.8.2-2.1.el8_9.x86_64.rpm	SHA-256: fdc73e23a7456fd659dc77fe46ad052f633e853c8f040120c225bc0d1ab02376
oniguruma-debugsource-6.8.2-2.1.el8_9.i686.rpm	SHA-256: c60f3feaf74efc44582ce5230b05b41a0020f3cbd3b0b11e77a38c43edea819d
oniguruma-debugsource-6.8.2-2.1.el8_9.x86_64.rpm	SHA-256: 177c9e53abe84e0cfa07844556fa296923811a717f686229c09691167f359ba1

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
oniguruma-6.8.2-2.1.el8_9.src.rpm	SHA-256: e74d828539753e82a21a7966f1d61a41660276dd5a37264991bb58556289c6de
s390x
oniguruma-6.8.2-2.1.el8_9.s390x.rpm	SHA-256: 759489703b81676b0bc1dc9020fda1d720f23a30f00a89a66b539ec1621ef747
oniguruma-debuginfo-6.8.2-2.1.el8_9.s390x.rpm	SHA-256: 6e578a3378adcfaadc08ffd1decb1babf0a563a0d040bea2556dbbddf0740522
oniguruma-debugsource-6.8.2-2.1.el8_9.s390x.rpm	SHA-256: 93439b0ed2dd79091cddf27b22ff8a5538848ccaadabd2d4deb1c326a3615447

Red Hat Enterprise Linux for Power, little endian 8

SRPM
oniguruma-6.8.2-2.1.el8_9.src.rpm	SHA-256: e74d828539753e82a21a7966f1d61a41660276dd5a37264991bb58556289c6de
ppc64le
oniguruma-6.8.2-2.1.el8_9.ppc64le.rpm	SHA-256: 6c715c136f7b20aef1f9e6dc8ac8883ffa3f0033ddb10d80b0723db862696b32
oniguruma-debuginfo-6.8.2-2.1.el8_9.ppc64le.rpm	SHA-256: aa8dfaef8c7474399fdab5cd77a1e9d5ab92b6180259b2a49cf9a658869a6aeb
oniguruma-debugsource-6.8.2-2.1.el8_9.ppc64le.rpm	SHA-256: 2030b2896b2f7ff760d288e589d94da1b79b9176f74cb4e290d185cc82cb3427

Red Hat Enterprise Linux for ARM 64 8

SRPM
oniguruma-6.8.2-2.1.el8_9.src.rpm	SHA-256: e74d828539753e82a21a7966f1d61a41660276dd5a37264991bb58556289c6de
aarch64
oniguruma-6.8.2-2.1.el8_9.aarch64.rpm	SHA-256: 0f0714be0436072025099c496788dd26cd9ef50e945201284dd637dfd675c514
oniguruma-debuginfo-6.8.2-2.1.el8_9.aarch64.rpm	SHA-256: fea4bdd857e79c77b2eb70474ed096f9e591d2763ead79c97ab5cf884be1df6f
oniguruma-debugsource-6.8.2-2.1.el8_9.aarch64.rpm	SHA-256: 79a84d0114dcf6200266d6ccf3f5883456293a860693aa0e5ca2887011e5a44e

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
oniguruma-debuginfo-6.8.2-2.1.el8_9.i686.rpm	SHA-256: a7b2b643f92387a1e3fd5318aee7caacbd92712537ff1acbe22cf1559b0c1e63
oniguruma-debuginfo-6.8.2-2.1.el8_9.x86_64.rpm	SHA-256: fdc73e23a7456fd659dc77fe46ad052f633e853c8f040120c225bc0d1ab02376
oniguruma-debugsource-6.8.2-2.1.el8_9.i686.rpm	SHA-256: c60f3feaf74efc44582ce5230b05b41a0020f3cbd3b0b11e77a38c43edea819d
oniguruma-debugsource-6.8.2-2.1.el8_9.x86_64.rpm	SHA-256: 177c9e53abe84e0cfa07844556fa296923811a717f686229c09691167f359ba1
oniguruma-devel-6.8.2-2.1.el8_9.i686.rpm	SHA-256: 617a471d4c9597627eca1212f3fa3602e8d394b585911492cdcafc08f40578dc
oniguruma-devel-6.8.2-2.1.el8_9.x86_64.rpm	SHA-256: 1d5ba27abd70427276f7660f05747dd55146d10f33b4a631d808622e5af70dcd

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
oniguruma-debuginfo-6.8.2-2.1.el8_9.ppc64le.rpm	SHA-256: aa8dfaef8c7474399fdab5cd77a1e9d5ab92b6180259b2a49cf9a658869a6aeb
oniguruma-debugsource-6.8.2-2.1.el8_9.ppc64le.rpm	SHA-256: 2030b2896b2f7ff760d288e589d94da1b79b9176f74cb4e290d185cc82cb3427
oniguruma-devel-6.8.2-2.1.el8_9.ppc64le.rpm	SHA-256: 49f1b9006e029c983c15cba209c61077ce45920d5f8746451e3982389d4f651a

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
oniguruma-debuginfo-6.8.2-2.1.el8_9.aarch64.rpm	SHA-256: fea4bdd857e79c77b2eb70474ed096f9e591d2763ead79c97ab5cf884be1df6f
oniguruma-debugsource-6.8.2-2.1.el8_9.aarch64.rpm	SHA-256: 79a84d0114dcf6200266d6ccf3f5883456293a860693aa0e5ca2887011e5a44e
oniguruma-devel-6.8.2-2.1.el8_9.aarch64.rpm	SHA-256: e4f54781e4db494484ee588c56bc44ed51f5a855961faa890a2e97de2047ad4b

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
oniguruma-debuginfo-6.8.2-2.1.el8_9.s390x.rpm	SHA-256: 6e578a3378adcfaadc08ffd1decb1babf0a563a0d040bea2556dbbddf0740522
oniguruma-debugsource-6.8.2-2.1.el8_9.s390x.rpm	SHA-256: 93439b0ed2dd79091cddf27b22ff8a5538848ccaadabd2d4deb1c326a3615447
oniguruma-devel-6.8.2-2.1.el8_9.s390x.rpm	SHA-256: 8b1bf5be7bed228b488f8c5de3faeb6ce6b218e5df9bc54e4bcd4c24816ecd11

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation