Bug 1185205 (CVE-2014-7926)
Summary: | CVE-2014-7926 ICU: regexp engine incorrect handling of a zero length quantifier | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | caolanm, chazlett, denis.arnaud_fedora, erack, erik-fedora, tpopela, tuxator |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Chrome 40.0.2214.91 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-17 21:17:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1185236, 1185237, 1190131, 1190132, 1190133 | ||
Bug Blocks: | 1185232, 1186680 |
Description
Martin Prpič
2015-01-23 09:03:31 UTC
Google Chrome bug is: https://code.google.com/p/chromium/issues/detail?id=422824 However, the bug is currently not public. However, the following commit can be identified using the bug id: https://chromium.googlesource.com/chromium/deps/icu/+/3af4ce5982311035e5f36803d547c0befa576c8c It covers two Chrome bugs, the other one is associated with CVE-2014-7923 also fixed in Chrome 40.0.2214.91. The commit references ICU upstream bugs, which are also currently non-public. ICU bug and commit links follow: http://bugs.icu-project.org/trac/ticket/11369 http://bugs.icu-project.org/trac/changeset/36727 "Regex, fix incorrect optimization of patterns with a zero length quantifier {0}" http://bugs.icu-project.org/trac/ticket/11370 http://bugs.icu-project.org/trac/changeset/36724 "Regex, add missing range check of length of a look-behind expression." I do not currently see any information that would allow mapping the two ICU changes to Google Chrome CVEs. This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2015:0093 https://rhn.redhat.com/errata/RHSA-2015-0093.html (In reply to Tomas Hoger from comment #2) > Google Chrome bug is: > > https://code.google.com/p/chromium/issues/detail?id=422824 > As per the chrome bug, this was fixed upstream via: http://bugs.icu-project.org/trac/ticket/11369 http://bugs.icu-project.org/trac/changeset/36727 "Regex, fix incorrect optimization of patterns with a zero length quantifier {0}" Created mingw-icu tracking bugs for this issue: Affects: fedora-all [bug 1190132] Affects: epel-7 [bug 1190133] Created icu tracking bugs for this issue: Affects: fedora-all [bug 1190131] icu-50.1.2-12.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. icu-52.1-6.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. icu-54.1-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. icu-54.1-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |