392911 – (CVE-2007-4768) CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization

Bug 392911 (CVE-2007-4768) - CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization

Summary: CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2007-4768
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	378411
Blocks:	307451
TreeView+	depends on / blocked

Reported:	2007-11-20 19:51 UTC by Ville Skyttä
Modified:	2019-09-29 12:22 UTC (History)
CC List:	1 user (show)
Fixed In Version:	7.3-3.fc7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-03-06 16:36:53 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:1126	0	normal	SHIPPED_LIVE	Critical: flash-plugin security update	2007-12-18 23:52:53 UTC

Description Ville Skyttä 2007-11-20 19:51:58 UTC

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4768

"Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library
before 7.3 allows context-dependent attackers to execute arbitrary code via a
singleton Unicode sequence in a character class in a regex pattern, which is
incorrectly optimized."

F7 ships pcre 7.0.

Comment 1 Fedora Update System 2008-02-15 16:34:38 UTC

pcre-7.3-3.fc7 has been submitted as an update for Fedora 7

Comment 2 Fedora Update System 2008-02-19 03:20:19 UTC

pcre-7.3-3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pcre'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-1842

Comment 3 Fedora Update System 2008-03-06 16:36:28 UTC

pcre-7.3-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.