Bug 912276 (CVE-2013-1667)
Summary: | CVE-2013-1667 perl: DoS in rehashing code | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | carnil, jrusnack, mjc, ppisar, psabata, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-04-03 18:27:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 915690, 915691, 915692, 915693, 918008 | | |
Bug Blocks: | 912291 | | |
Attachments: | | | |

Description
Jan Lieskovsky
2013-02-18 09:31:30 UTC
Created attachment 698789: Proposed upstream patch against perl-5.8.5 version
Created attachment 698790: Proposed upstream patch against perl-5.8.8 version
Created attachment 698791: Proposed upstream patch against perl-5.10.1 version
Created attachment 698792: Proposed upstream patch against perl-5.12.5 version
Created attachment 698793: Proposed upstream patch against perl-5.14.3 version
Created attachment 698794: Proposed upstream patch against perl-5.16.2 version

Acknowledgements:

Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Yves Orton as the original issue reporter.

This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the versions of the perl package, as shipped with Fedora release of 17 and 18.

Created attachment 705064: Upstream 5.8.8 patch ported to RHEL-5 perl

This is now corrected upstream:

Prevent premature hsplit() calls, and only trigger REHASH after hsplit():
http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5 (maint-5.16)
http://perl5.git.perl.org/perl.git/commitdiff/9d83adc (maint-5.12)
http://perl5.git.perl.org/perl.git/commitdiff/d59e31f (maint-5.14)

Created perl tracking bugs for this issue

Affects: fedora-all [bug 918008]

perl-5.16.2-240.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6

Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html

perl-5.14.4-224.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.