Bug 1684374 (CVE-2019-9192)
| Summary: | CVE-2019-9192 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
Upstream glibc does not classify this bug as a security issue as per: https://sourceware.org/glibc/wiki/Security%20Exceptions
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-04-01 08:09:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1684375 | ||
| Bug Blocks: | 1684377 | ||
|
Description
Dhananjay Arunesh
2019-03-01 06:20:04 UTC
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1684375] Upstream does not classify this as a security flaw as per: https://sourceware.org/glibc/wiki/Security%20Exceptions "Consequently, resource exhaustion issues which can be triggered only with crafted patterns (either during compilation or execution) are not treated as security bugs. (This does not mean we do not intend to fix such issues as regular bugs if possible.) " |