Bug 103337 - <=dev-libs/libpcre-6.1 - Heap Overflow May Let Users Execute Arbitrary Code
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1 [glsa] DerCorny
Reported: 2005-08-22 06:51 UTC by Carsten Lohrke (RETIRED)
Modified: 2005-08-25 12:38 UTC


Attachments
Maybe a bit lame, but helps till the real ebuild comes (libpcre-6.3.ebuild,1.27 KB, application/octet-stream)
2005-08-22 09:55 UTC, Peter Schölzer

Description Carsten Lohrke (RETIRED) gentoo-dev 2005-08-22 06:51:19 UTC
A remote or local user may be able to supply a specially crafted regular
expression to trigger a heap integer overflow in PCRE.

http://www.securitytracker.com/alerts/2005/Aug/1014744.html
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-08-22 06:59:48 UTC
"Applications that parse untrusted regular expressions may be vulnerable."
Not sure that's very common. Should of course be fixed nevertheless.
Comment 2 Andreas Waschbuesch 2005-08-22 08:41:04 UTC
PCRE 6.3 is available:

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
Comment 3 Peter Schölzer 2005-08-22 09:55:08 UTC
Created attachment 66565
Maybe a bit lame, but helps till the real ebuild comes
Comment 4 Jeremy Huddleston (RETIRED) gentoo-dev 2005-08-22 13:39:31 UTC
6.3 is in portage.

What's the m68k alias?
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2005-08-23 00:55:49 UTC
stable on ppc64
Comment 6 Aaron Walker (RETIRED) gentoo-dev 2005-08-23 10:14:26 UTC
stable on mips.
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-23 11:12:43 UTC
Stable on ppc, added vapier for m68k.
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-23 11:19:03 UTC
Also stable on hppa.
Comment 9 Fabian Groffen gentoo-dev 2005-08-23 11:22:03 UTC
stable on ppc-macos
Comment 10 Fernando J. Pereda (RETIRED) gentoo-dev 2005-08-23 12:42:26 UTC
We came, we tested, we alpha'd.

Cheers,
Ferdy
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-23 12:48:25 UTC
Security covered arches stable, ready for GLSA.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-25 12:03:23 UTC
GLSA 200508-17
Thanks to everybody involved.
Comment 13 Carsten Lohrke (RETIRED) gentoo-dev 2005-08-25 12:30:41 UTC
Minor issue: The GLSA says <6.3 is affected, but from the announcement it's <6.2.
Comment 14 Sune Kloppenborg Jeppesen gentoo-dev 2005-08-25 12:38:42 UTC
I don't think we've ever had a 6.2 in Portage.