Summary: | <dev-lang/perl-5.10: simple test program with regex segfaults (CVE-2010-1158) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bruce Merry <bmerry> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sven.vermeulen, thoger |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Bruce Merry
2010-04-06 19:36:25 UTC
CVE-2010-1158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1158): Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. https://bugzilla.redhat.com/show_bug.cgi?id=580605 Red Hat has at least a little more info thanks to Thomas 5.12.2 is stabilised now, and does not suffer this issue, at least as far as I can tell. Is this good enough quality assurance to mark this bug as resolved? ( and perhaps make sure there is a GLSA to encourage people to upgrade to it ) dev-lang/perl-5.8.8 is package masked. GLSA request filed. This issue was resolved and addressed in GLSA 201311-17 at http://security.gentoo.org/glsa/glsa-201311-17.xml by GLSA coordinator Sergey Popov (pinkbyte). |