Bug 1320995 - (CVE-2014-9769) CVE-2014-9769 pcre: incorrect nested table jumps when JIT is used (8.36/6)
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20160323,repor...
: Security
Depends On: 1320996 1320997 1320998 1320999 1321000 1321001 1321002
Blocks: 1285420 1321003
Reported: 2016-03-24 08:54 EDT by Adam Mariš
Modified: 2016-04-01 13:31 EDT
Fixed In Version: pcre 8.36
Doc Type: Bug Fix
Last Closed: 2016-04-01 08:05:44 EDT
Description Adam Mariš 2016-03-24 08:54:49 EDT
It was reported that a segmentation fault in suricata appeared when a certain regex is processed by pcre_exec in libpcre3.

Bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050
Comment 1 Adam Mariš 2016-03-24 08:56:31 EDT
Created pcre tracking bugs for this issue:

Affects: fedora-all [bug 1320996]
Comment 2 Adam Mariš 2016-03-24 08:56:49 EDT
Created suricata tracking bugs for this issue:

Affects: fedora-all [bug 1321002]
Comment 3 Adam Mariš 2016-03-24 08:57:02 EDT
Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1320998]
Comment 4 Adam Mariš 2016-03-24 08:57:16 EDT
Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1320999]
Affects: epel-7 [bug 1321001]
Comment 5 Adam Mariš 2016-03-24 08:57:31 EDT
Created mingw-pcre tracking bugs for this issue:

Affects: fedora-all [bug 1320997]
Affects: epel-7 [bug 1321000]
Comment 6 Petr Pisar 2016-03-24 10:04:43 EDT
Could you please provide a reproducer? The Debian bug report <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050> is missing the "file" file content.

Moreover, the reporter claimed it happens with pcre-8.35 but not with 8.38. We have 8.38 in all supported Fedoras.
Comment 7 Andrej Nemec 2016-03-29 03:48:20 EDT
CVE assignment:

http://seclists.org/oss-sec/2016/q1/704
Comment 8 Petr Pisar 2016-03-29 04:04:16 EDT
This was fixed with upstream commit:

commit 60f995fc2f823183783633d5eb8af2eceb0bb663
Author: zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date:   Fri Apr 25 11:59:19 2014 +0000

    Fixed an issue with nested table jumps.
    
    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1475 2f5784b3-3f2a-0410-8824-cb99058d5e15

and fixed in the subsequent pcre-8.36 release.

Reproducer from the commit:

$ printf '%s\n%s\n' '/(?:x|(?:(xx|yy)+|x|x|x|x|x)|a|a|a)bc/' 'acb' | ./pcretest -s++
PCRE version 8.35 2014-04-04

  re> Segmentation fault (core dumped)
Comment 9 Tomas Hoger 2016-04-01 08:05:44 EDT
The following post indicates that this issue was introduced in pcre version 8.35 via the following commit:

http://vcs.pcre.org/pcre?view=revision&revision=1434

and corrected in 8.36 using the following commit (the same one as pointed out in comment 8 above):

http://vcs.pcre.org/pcre?view=revision&revision=1475

Only upstream version 8.35 was affected by this issue.  Red Hat products do not currently contain any package that includes pcre version 8.35.
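
A host-side check for the condition the comments above describe (upstream pcre 8.35 built with JIT support), as an added example that is not part of the original bug report or of the PCRE project. It loads the system libpcre through ctypes and calls the library's `pcre_version()` and `pcre_config()`; the helper names `parse_pcre_version`, `is_affected` and `probe_libpcre` are assumptions made for this sketch.

```python
import ctypes
import ctypes.util
import re

PCRE_CONFIG_JIT = 9   # value of PCRE_CONFIG_JIT in pcre.h (PCRE 8.x)
AFFECTED = (8, 35)    # per this bug: only upstream 8.35 is affected


def parse_pcre_version(banner):
    """Parse 'MAJOR.MINOR[-suffix] YYYY-MM-DD' as returned by pcre_version()."""
    m = re.match(r"\s*(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"unrecognised PCRE version string: {banner!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(banner, jit_built):
    """True when the library is upstream 8.35 and was built with JIT support."""
    return parse_pcre_version(banner) == AFFECTED and bool(jit_built)


def probe_libpcre():
    """Return (version banner, jit_built) for the system libpcre, or None."""
    path = ctypes.util.find_library("pcre")
    if path is None:
        return None
    lib = ctypes.CDLL(path)
    lib.pcre_version.restype = ctypes.c_char_p
    lib.pcre_config.argtypes = [ctypes.c_int, ctypes.c_void_p]
    banner = lib.pcre_version().decode("ascii", "replace")
    jit = ctypes.c_int(0)
    # pcre_config() returns 0 on success and stores 1 if JIT was compiled in;
    # releases that predate the JIT option return an error code instead.
    rc = lib.pcre_config(PCRE_CONFIG_JIT, ctypes.byref(jit))
    return banner, (rc == 0 and jit.value == 1)


if __name__ == "__main__":
    found = probe_libpcre()
    if found is None:
        print("libpcre not found on this host")
    else:
        banner, jit = found
        verdict = "AFFECTED" if is_affected(banner, jit) else "not affected"
        print(f"PCRE {banner}, JIT built in: {jit} -> {verdict}")
```

The check compares the upstream version string only, so it cannot see a fix that a distribution has backported into its own 8.35 package. It also reports whether JIT was compiled in, not whether a given application actually requests JIT.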
