RHSA-2020:4539: Moderate: pcre2 security and enhancement update
The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fix(es): pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:4539?
The severity of RHSA-2020:4539 is classified as moderate.
How do I fix RHSA-2020:4539?
To fix RHSA-2020:4539, update the pcre2 package to version 10.32-2.el8 or later.
What caused the vulnerability in RHSA-2020:4539?
The vulnerability in RHSA-2020:4539 was caused by an out-of-bounds read when using \X in JIT mode of the pcre library.
Which packages are affected by RHSA-2020:4539?
The affected packages in RHSA-2020:4539 include pcre2, pcre2-debuginfo, pcre2-devel, and pcre2-tools among others.
Is there a workaround for RHSA-2020:4539?
There is no documented workaround for RHSA-2020:4539; updating is recommended to remediate the vulnerability.