Red Hat Bugzilla – Bug 315871
CVE-2007-1659 pcre regular expression flaws
Last modified: 2010-09-24 07:20:19 EDT
Tavis Ormandy of the Google Security Team reported multiple pcre regular
expression flaws. Here are the details pasted from Tavis' mail:
Unmatched \Q\E sequences with orphan \E codes can cause the compiled
regex to become desynchronized, resulting in corrupt bytecode that may
result in multiple exploitable conditions. This was inadvertently
fixed by the pcre maintainer in version 7.0; however, another case of a
lone \E inside a character class remained. This has been fixed in 7.3.
Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.
This issue was addressed in:
Red Hat Enterprise Linux:
pcre-7.3-3.fc7 has been submitted as an update for Fedora 7
pcre-7.3-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
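
For hosts that still run a pcre older than 7.3 and accept patterns from untrusted sources, one mitigation is to screen patterns for a \E that no \Q opened before they reach the compiler. The scanner below is an added example, not code from this bug report or from the pcre project; the function name and the sample patterns are constructed for illustration, and it is deliberately conservative (it does not model extended-mode comments, so it may over-report).

```python
def find_orphan_E(pattern: str):
    r"""Return (offset, inside_class) for each \E not opened by a \Q."""
    hits = []
    in_quote = False   # between \Q and \E everything is literal
    in_class = False   # between [ and the ] that closes the class
    i, n = 0, len(pattern)
    while i < n:
        ch = pattern[i]
        nxt = pattern[i + 1] if i + 1 < n else ""
        if in_quote:
            # Only \E is special inside a quoted run; it closes the run.
            if ch == "\\" and nxt == "E":
                in_quote = False
                i += 2
            else:
                i += 1
            continue
        if ch == "\\":
            if nxt == "Q":
                in_quote = True
            elif nxt == "E":
                hits.append((i, in_class))   # lone \E: the case described above
            i += 2                           # skip the escaped character
            continue
        if in_class:
            if pattern.startswith("[:", i):  # POSIX class such as [:alpha:]
                end = pattern.find(":]", i + 2)
                if end != -1:
                    i = end + 2
                    continue
            if ch == "]":
                in_class = False
        elif ch == "[":
            in_class = True
            # A leading ^ and a leading ] belong to the class, not its end.
            if pattern[i + 1:i + 2] == "^":
                i += 1
            if pattern[i + 1:i + 2] == "]":
                i += 1
        i += 1
    return hits


# Constructed sample patterns (not taken from the report).
SAMPLES = [r"\Qa.b\E", r"abc\E", r"[a\Eb]", r"\Qa\E\E"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(repr(p), find_orphan_E(p))
```

A pattern with any hit can be rejected or logged before compilation; the second tuple element marks the character-class case that remained until 7.3.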