Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1927 to the following vulnerability:
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
References:
http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
Created attachment 303744: Patch from DSA-1556-1
http://www.debian.org/security/2008/dsa-1556
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
Created attachment 303746: Test case extracted from Debian patch
Created attachment 303751: Test case from Debian bug #454792
perl-5.8.8-39.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
perl-5.8.8-29.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
It seems that segfaults can be produced in RHEL-3, RHEL-4, and RHEL-5 with the test case attachment in #2. Is this issue being addressed for RHEL?
This issue was addressed in:
Red Hat Application Stack: http://rhn.redhat.com/errata/RHSA-2008-0532.html
Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0522.html
Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-3399
Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3392
This issue has been addressed in the following products:
Red Hat Certificate System 7.3 via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html