Summary: | <dev-libs/libpcre-8.41: invalid memory read in match (pcre_exec.c) (CVE-2017-7186) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 614052 | ||
Bug Blocks: | 620660 |
Description
Agostino Sarubbo
2017-03-27 09:46:21 UTC
CVE ID: CVE-2017-7186
Summary: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
Published: 2017-03-20T00:59:00.000Z

Same fix as bug 614054.

See https://bugs.exim.org/show_bug.cgi?id=2052 and https://bugs.exim.org/show_bug.cgi?id=2054

Oh dear, we will need to create a tracker bug for the PCRE vulns.

pcre2 bug is bug 614050.

Freeing CVE alias for tracking bug.

Fixed in >=dev-libs/libpcre-8.41, stabilization will happen in bug 614052.

This issue was resolved and addressed in GLSA 201710-25 at https://security.gentoo.org/glsa/201710-25 by GLSA coordinator Aaron Bauman (b-man).