Bug 198196 - dev-lang/perl < 5.8.8-r4 UTF/Regular expressions boundary error (CVE-2007-5116)
Bug#: 198196 (CVE-2007-5116)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: major
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL: https://bugzilla.redhat.com/show_bug.cgi?id=323571
Summary: dev-lang/perl < 5.8.8-r4 UTF/Regular expressions boundary error (CVE-2007-5116)
Status Whiteboard: A2 [glsa]
Opened: 2007-11-05 19:40 0000

RedHat:
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)
https://rhn.redhat.com/errata/RHSA-2007-0966.html
Perl, please advise. A patch can be found at URL, I don't know the upstream
status of it.

We are aware of it, however there's no status upstream yet. I'll handle it
anyway =)

- still nothing upstream
- I have an ebuild ready to be released but I'm waiting for some feedback from
the security team :)

patch committed in perl-5.8.8-r3

Thanks Antoine.
Arches, please test and mark stable perl-5.8.8-r3.
Target keywords: "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc
~sparc-fbsd x86 ~x86-fbsd"

Stable for sparc. All tests run cleanly, autotools work, ....

Tested on amd64, please mark stable

Back to ebuild, this patch broke the thing on any 64bit arch (Bug 199518)

18 Nov 2007; <solar@gentoo.org> -files/perl-5.8.8-lib64.patch,
+files/perl-5.8.8-libbits.patch, perl-5.8.8-r2.ebuild,
perl-5.8.8-r3.ebuild:
- fixed the lib64 patch that was breaking on amd64 32ul.

(In reply to comment #18)
> Revbump to -r4 to clean up the mess in bug #199518 (see suggestion in comment
> 22).
Is that our target to be stabled?

(In reply to comment #19)
> Is that our target to be stabled?
Yes. -r4 is what -r3 was before the mess introduced by the patch in the bug
mentioned above.

Ah, it's already stable. Thanks.

GLSA 200711-28, sorry for the delay.

Does not affect current (2008.0) release. Removing release.