Bug 443928 - (CVE-2008-1927) CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: source=vendor-sec,reported=20080420,p...
Keywords: Security
Depends On: 466966 449319 449320 449321 449322 449323 449324 466967
Blocks: 466968
Reported: 2008-04-24 03:10 EDT by Tomas Hoger
Modified: 2010-08-04 17:32 EDT
Doc Type: Bug Fix
Last Closed: 2008-06-17 12:20:36 EDT


Attachments
Patch from DSA-1556-1 (8.06 KB, patch)
2008-04-25 02:54 EDT, Tomas Hoger
Test case extracted from Debian patch (400 bytes, text/plain)
2008-04-25 03:02 EDT, Tomas Hoger
Test case from Debian bug #454792 (250 bytes, text/plain)
2008-04-25 03:42 EDT, Tomas Hoger

Description Tomas Hoger 2008-04-24 03:10:09 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1927 to the following vulnerability:

Double free vulnerability in Perl 5.8.8 allows context-dependent
attackers to cause a denial of service (memory corruption and crash)
via a crafted regular expression containing UTF8 characters.  NOTE:
this issue might only be present on certain operating systems.

References:
http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
Comment 2 Tomas Hoger 2008-04-25 03:02:43 EDT
Created attachment 303746
Test case extracted from Debian patch
Comment 3 Tomas Hoger 2008-04-25 03:42:10 EDT
Created attachment 303751
Test case from Debian bug #454792
Comment 8 Fedora Update System 2008-04-29 16:58:48 EDT
perl-5.8.8-39.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-04-29 16:59:25 EDT
perl-5.8.8-29.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Johnny Hughes 2008-05-21 06:25:43 EDT
It seems that segfaults can be produced in RHEL-3, RHEL-4, and RHEL-5 with test
case attachment in #2.

Is this issue being addressed for RHEL?
Comment 15 errata-xmlrpc 2010-08-04 17:32:46 EDT
This issue has been addressed in the following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html
