Bug 1226918
Summary: | CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adam.stokes, andrew, ashishks, carnil, c.david86, erik-fedora, jorton, jrusnack, lkundrak, mmaslano, ppisar, rcollet, sardella, svh, webstack-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-06-29 16:40:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1236659, 1236660 | ||
Bug Blocks: | 1226929 |
Description
Vasyl Kaigorodov
2015-06-01 12:46:08 UTC
I know. I also know that Red Hat Security Team does handle regular expression-driven crashes as security issues. Are you going to close this one as deferred? *** Bug 1232053 has been marked as a duplicate of this bug. *** Statement: (none) Created pcre tracking bugs for this issue: Affects: fedora-all [bug 1236659] Created mingw-pcre tracking bugs for this issue: Affects: fedora-all [bug 1236660] Upstream fixed it by: commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> Date: Fri May 15 17:17:03 2015 +0000 Fix buffer overflow for named recursive back reference when the name is duplicated. git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824- cb99058d5e15 Please note that php 5.6 in SCL 2 ships an embedded version of PCRE 8.34 which is vulnerable, however this issue is difficult to exploit (the attacker must create custom regex patterns), and the impact of exploitation is limited (e.g. PHP runs as a non root user within the web server SELinux context in almost all cases). pcre-8.37-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. pcre-8.35-12.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. *** This bug has been marked as a duplicate of bug 1287623 *** |