Bug 315881 (CVE-2007-1660)

Summary: CVE-2007-1660 pcre regular expression flaws
Product: [Other] Security Response
Reporter: Josh Bressers <bressers>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: medium
Version: unspecified
CC: azelinka, kreilly, mmcallis, omoris, than
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-01-14 13:36:16 UTC
Bug Depends On: 315951, 315961, 315971, 315981, 378401, 381991, 382081, 411731, 413871, 414271, 445917
Bug Blocks: 307451
Attachments:
Patch backported to pcre-3.9 in EL3 (flags: none)
Patch backported to pcre-3.4 in EL2.1 (flags: none)

Description Josh Bressers 2007-10-02 19:37:46 UTC
Tavis Ormandy of the Google Security Team reported multiple pcre regular
expression flaws.  Here are the details pasted from Tavis' mail:

CVE-2007-1660:
Multiple forms of character class had their sizes miscalculated on
initial passes, resulting in too little memory being allocated. This
was also inadvertently fixed in version 7.0, where the compile phase
was entirely re-engineered (and much improved, from a security
standpoint).

Acknowledgements:

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.

Comment 7 Josh Bressers 2007-11-05 16:05:14 UTC
Lifting embargo

Comment 8 Tomas Hoger 2007-11-15 16:41:29 UTC
Created attachment 259991
Patch backported to pcre-3.9 in EL3

Comment 10 Tomas Hoger 2007-11-16 17:20:21 UTC
Created attachment 261501
Patch backported to pcre-3.4 in EL2.1