Red Hat Bugzilla – Bug 443780
CVE-2008-1026 WebKit: Integer overflow in the PCRE regular expression compiler
Last modified: 2016-03-04 07:52:08 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1026 to the following vulnerability:
Relevant part of the Apple security advisory:
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of
repetition counts. This may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
expressions. Credit to Charlie Miller working with TippingPoint's
Zero Day Initiative for reporting this issue.
Upstream fix: http://trac.webkit.org/projects/webkit/changeset/31388
This fix should be included in WebKit-1.0.0-0.8.svn31787, which is already in F8
and F9 and on the way to F7 as well.
This issue did not affect pcre packages as shipped in Red Hat Enterprise Linux
2.1, 3, 4, and 5, and Fedora 7 and 8. This issue was specific to WebKit's
modified PCRE version.
WebKit-1.0.0-0.8.svn31787 or newer is now in all current Fedora versions.