Bug 1683683 (CVE-2009-5155)

Summary: CVE-2009-5155 glibc: parse_reg_exp in posix/regcomp.c misparses alternatives, leading to denial of service or an incorrect result
Product: [Other] Security Response
Reporter: msiddiqu
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: ashankar, codonell, dj, fweimer, glibc-bugzilla, jik, maxim.cournoyer, mnewsome, pfrankli, ponikam, sbalasub, yozone
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: glibc 2.28
Doc Type: If docs needed, set a value
Last Closed: 2021-10-27 03:26:33 UTC
Bug Depends On: 1683684, 1685392
Bug Blocks: 1683695
Attachments:
- Backport of upstream commits fixing CVE-2009-5155 (flags: none)
- Backport of upstream commits fixing CVE-2009-5155 (patch 1/2) (flags: none)

Description msiddiqu 2019-02-27 14:54:00 UTC
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

Upstream commit:
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672

References:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
https://sourceware.org/bugzilla/show_bug.cgi?id=11053
https://sourceware.org/bugzilla/show_bug.cgi?id=18986
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793

Comment 1 msiddiqu 2019-02-27 14:54:26 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-28 [bug 1683684]

Comment 3 Huzaifa S. Sidhpurwala 2019-03-05 05:52:10 UTC
This issue was fixed in glibc-2.28

Comment 6 Maxim Cournoyer 2019-03-15 14:13:31 UTC
Created attachment 1544481
Backport of upstream commits fixing CVE-2009-5155

I believe I've successfully backported the two commits which make it possible to fix this CVE for the glibc 2.17 of RHEL7.

These patches are rebased on top of the existing RHEL7 patches.

I'm uploading these here in case they'd be useful.

Maxim

Comment 7 Maxim Cournoyer 2019-03-15 14:21:24 UTC
Created attachment 1544482
Backport of upstream commits fixing CVE-2009-5155 (patch 1/2)

Comment 8 Jonathan Kamens 2020-05-07 20:59:42 UTC
Is there some reason why it has been nearly a year since there has been any progress toward releasing the fix for this issue for RHEL 7?