Bug 1683683 (CVE-2009-5155) - CVE-2009-5155 glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result
Status: CLOSED ERRATA
Alias: CVE-2009-5155
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1683684 1685392
Blocks: 1683695
Reported: 2019-02-27 14:54 UTC by msiddiqu
Modified: 2023-12-15 16:22 UTC

Fixed In Version: glibc 2.28
Last Closed: 2021-10-27 03:26:33 UTC


Attachments
Backport of upstream commits fixing CVE-2009-5155 (218.05 KB, patch)
2019-03-15 14:13 UTC, Maxim Cournoyer
Backport of upstream commits fixing CVE-2009-5155 (patch 1/2) (11.65 KB, patch)
2019-03-15 14:21 UTC, Maxim Cournoyer

Description msiddiqu 2019-02-27 14:54:00 UTC
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

Upstream commit:
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672

References:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
https://sourceware.org/bugzilla/show_bug.cgi?id=11053
https://sourceware.org/bugzilla/show_bug.cgi?id=18986
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793

Comment 1 msiddiqu 2019-02-27 14:54:26 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-28 [bug 1683684]

Comment 3 Huzaifa S. Sidhpurwala 2019-03-05 05:52:10 UTC
This issue was fixed in glibc-2.28

Comment 6 Maxim Cournoyer 2019-03-15 14:13:31 UTC
Created attachment 1544481
Backport of upstream commits fixing CVE-2009-5155

I believe I've successfully backported the two commits which make it possible to fix this CVE for the glibc 2.17 of RHEL7.

These patches are rebased on top of the existing RHEL7 patches.

I'm uploading these here in case they'd be useful.

Maxim

Comment 7 Maxim Cournoyer 2019-03-15 14:21:24 UTC
Created attachment 1544482
Backport of upstream commits fixing CVE-2009-5155 (patch 1/2)

Comment 8 Jonathan Kamens 2020-05-07 20:59:42 UTC
Is there some reason why it has been nearly a year since there has been any progress toward releasing the fix for this issue for RHEL 7?
