Red Hat Bugzilla – Bug 443928
CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
Last modified: 2010-08-04 17:32:46 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1927 to the following vulnerability:
Double free vulnerability in Perl 5.8.8 allows context-dependent
attackers to cause a denial of service (memory corruption and crash)
via a crafted regular expression containing UTF8 characters. NOTE:
this issue might only be present on certain operating systems.
Created attachment 303744 [details]
Patch from DSA-1556-1
Created attachment 303746 [details]
Test case extracted from Debian patch
Created attachment 303751 [details]
Test case from Debian bug #454792
perl-5.8.8-39.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
perl-5.8.8-29.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
it seems that segfaults can be produced in RHEL-3, RHEL-4, and RHEL-5 with test
case attachment in #2.
Is this issue being addressed for RHEL?
This issue was addressed in:
Red Hat Application Stack:
Red Hat Enterprise Linux:
This issue has been addressed in following products:
Red Hat Certificate System 7.3
Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html