Bug 452079 (CVE-2008-2371)
Summary: | CVE-2008-2371 pcre: heap overflow caused by incorrect option handling
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Tomas Hoger <thoger>
Assignee: | Red Hat Product Security <security-response-team>
CC: | kasal, mclasen
Keywords: | Security
Doc Type: | Bug Fix
Last Closed: | 2008-07-07 15:05:23 UTC
Bug Depends On: | 453555, 453556, 453557, 453559, 453560, 453561

Description
Tomas Hoger
2008-06-19 08:04:22 UTC
Tavis' proposed patch:

--- pcre_compile.c~ 2008-06-12 16:55:22.860930000 +0200 +++ pcre_compile.c 2008-06-12 16:54:53.647168000 +0200 @@ -4931,7 +4931,7 @@ (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE)) { cd->external_options = newoptions; + options = *optionsptr = newoptions; - options = newoptions; } else {

This issue did not affect the versions of pcre as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue only affects pcre 7.x versions, so all current Fedora versions are affected.

Public now via:
http://bugs.gentoo.org/show_bug.cgi?id=228091
http://bugs.gentoo.org/show_bug.cgi?id=230039

glib2-2.14.6-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

glib2-2.16.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

pcre-7.3-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

pcre-7.3-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6025
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6111
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6048
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6110

Created attachment 311810
Upstream patch
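
Review bot: in the proposed pcre_compile.c hunk (@@ -4931,7 +4931,7 @@), the added line `options = *optionsptr = newoptions;` writes through `optionsptr` with no comment saying why the caller's copy has to change. Since this bug is a heap overflow from incorrect option handling, a short comment next to that line stating that the caller's options must stay in step with `cd->external_options` would keep the write from being dropped in a later cleanup. The `else` branch is cut off at the end of the hunk, so it is worth confirming that path does not also leave `*optionsptr` stale, and a regression test that exercises this branch should accompany the fix.
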
Upstream patch in comment #14 applied upstream in SVN r360: http://vcs.pcre.org/viewvc?view=rev&revision=360