
Bug 198198

Summary: dev-libs/libpcre < 7.3-r1 Multiple memory corruptions (CVE-2006-{7224,7227,7228,7230},CVE-2007-{1659,1660,1661,1662,4766,4767,4768})
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: anant, carlo
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/27543/
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 195416    
Bug Blocks:    

Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-05 19:55:03 UTC
Copied from RedHat's BZ:

CVE-2007-1659:
unmatched \Q\E sequences with orphan \E codes can cause the compiled
regex to become desynchronized, resulting in corrupt bytecode that may
result in multiple exploitable conditions. This was inadvertently
fixed by the pcre maintainer in version 7.0, however another case of a
lone \E inside a character class remained, this has been fixed in 7.3.

CVE-2007-1660:
multiple forms of character class had their sizes miscalculated on
initial passes, resulting in too little memory being allocated, this
was also inadvertently fixed in version 7.0, where the compile phase
was entirely re-engineered (and much improved, from a security
standpoint).

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-1659
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-1660

Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-05 20:10:40 UTC
According to the comments, 7.3 is unaffected. Stabling takes place in bug #195416 since 2007-10-10. The only missing keywords right now are "arm m68k mips s390 sh".

What's left to do is a GLSA and an audit of other packages that ship code copies, I'm after that.
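
One way to triage the audit of bundled code copies mentioned in Comment 1, as an added example that is not part of the original bug report or Gentoo's tooling: it walks an unpacked source tree, reads the `PCRE_MAJOR` / `PCRE_MINOR` defines from any `pcre.h` it finds, and flags copies older than 7.3. The 7.3 threshold follows Comment 1; the package names and tree layout are constructed for the example.

```python
import os
import re

FIXED = (7, 3)  # first upstream release Comment 1 reports as unaffected
_DEFINE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+PCRE_(MAJOR|MINOR)[ \t]+(\d+)", re.M)


def header_version(text):
    """Return (major, minor) from pcre.h contents, or None if not parseable."""
    found = {}
    for name, value in _DEFINE.findall(text):
        found.setdefault(name, int(value))
    if len(found) == 2:
        return (found["MAJOR"], found["MINOR"])
    return None


def audit_tree(root):
    """List bundled PCRE headers under root as (path, version, needs_review)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name != "pcre.h" and not name.startswith("pcre.h."):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as fh:
                version = header_version(fh.read())
            # Unparseable headers (e.g. unexpanded templates) go to manual review.
            review = version is None or version < FIXED
            hits.append((os.path.relpath(path, root), version, review))
    return sorted(hits)


def write_sample_tree(root):
    """Constructed sample: three hypothetical packages with bundled headers."""
    samples = {
        "pkg-a/pcre/pcre.h": "#define PCRE_MAJOR 6\n#define PCRE_MINOR 7\n",
        "pkg-b/3rdparty/pcre.h": "#define PCRE_MAJOR 7\n#define PCRE_MINOR 3\n",
        "pkg-c/pcre.h.in": "#define PCRE_MAJOR @PCRE_MAJOR@\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(tmp)
        for rel, version, review in audit_tree(tmp):
            print(rel, version, "REVIEW" if review else "ok")
```

A version below 7.3 only marks a copy for review: a bundled copy may carry backported fixes, and a package may be configured to link the system library instead.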

Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-06 17:18:23 UTC
More issues.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-09 10:23:27 UTC
CVE names are public, GLSA request filed.

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-20 21:56:32 UTC
GLSA 200711-30