Summary: | net-www/apache: vulnerability in included libpcre (CAN-2005-2491) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | apache-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 104807 | ||
Bug Blocks: |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-08-23 22:12:57 UTC
They are vulnerable only if they use untrusted inputs as PCRE. nmap and postfix ebuilds have a libpcre depend. A bug was opened for PHP (Mandriva released an advisory). That leaves us with the following to analyze : exim Python gnumeric apache + do a more thorough check to find others ? Bug 103894 opened to track exim gnumeric and Python bugs opened after Mandriva disclosure. Keeping this bug to track Apache. The idea would be to link to the system libpcre rather than using the included-in-Apache-sources one. Fixed in Apache httpd 2.0.55-dev : low: PCRE overflow CAN-2005-2491 An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such as way that they could gain the privileges of a httpd child. Patch at : http://svn.apache.org/viewcvs?rev=233493&view=rev I don't believe that patch will apply cleanly, since it is against PCRE 5.0, not 3.9 that httpd-2.0 comes with. Ah. I apparently got lost in the branches. This one should apply better to 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch If someone else from the apache herd doesn't step up to fix this, I'll take care of it this weekend. New ebuilds in CVS. Apache 2 old-style should upgrade to: =net-www/apache-2.0.54-r15 Apache 2 new-style should upgrade to: =net-www/apache-2.0.54-r30 Handling stable marking on bug #104807 GLSA 200509-12 |