Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa/glsa-200711-30.xml
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa/glsa-200711-30.xml')
-rw-r--r--metadata/glsa/glsa-200711-30.xml99
1 files changed, 99 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200711-30.xml b/metadata/glsa/glsa-200711-30.xml
new file mode 100644
index 000000000000..5a39d34d1a88
--- /dev/null
+++ b/metadata/glsa/glsa-200711-30.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="200711-30">
+ <title>PCRE: Multiple vulnerabilities</title>
+ <synopsis>
+ PCRE is vulnerable to multiple buffer overflow and memory corruption
+ vulnerabilities, possibly leading to the execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">libpcre</product>
+ <announced>2007-11-20</announced>
+ <revised>2007-11-20: 01</revised>
+ <bug>198198</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libpcre" auto="yes" arch="*">
+ <unaffected range="ge">7.3-r1</unaffected>
+ <vulnerable range="lt">7.3-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ PCRE is a library providing functions for Perl-compatible regular
+ expressions.
+ </p>
+ </background>
+ <description>
+ <p>
+ Tavis Ormandy (Google Security) discovered multiple vulnerabilities in
+ PCRE. He reported an error when processing "\Q\E" sequences with
+ unmatched "\E" codes that can lead to the compiled bytecode being
+ corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for
+ unspecified "multiple forms of character class", which triggers a
+ buffer overflow (CVE-2007-1660). Further improper calculations of
+ memory boundaries were reported when matching certain input bytes
+ against regex patterns in non UTF-8 mode (CVE-2007-1661) and when
+ searching for unmatched brackets or parentheses (CVE-2007-1662).
+ Multiple integer overflows when processing escape sequences may lead to
+ invalid memory read operations or potentially cause heap-based buffer
+ overflows (CVE-2007-4766). PCRE does not properly handle "\P" and
+ "\P{x}" sequences which can lead to heap-based buffer overflows or
+ trigger the execution of infinite loops (CVE-2007-4767), PCRE is also
+ prone to an error when optimizing character classes containing a
+ singleton UTF-8 sequence which might lead to a heap-based buffer
+ overflow (CVE-2007-4768).
+ </p>
+ <p>
+ Chris Evans also reported multiple integer overflow vulnerabilities in
+ PCRE when processing a large number of named subpatterns ("name_count")
+ or long subpattern names ("max_name_size") (CVE-2006-7227), and via
+ large "min", "max", or "duplength" values (CVE-2006-7228) both possibly
+ leading to buffer overflows. Another vulnerability was reported when
+ compiling patterns where the "-x" or "-i" UTF-8 options change within
+ the pattern, which might lead to improper memory calculations
+ (CVE-2006-7230).
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ An attacker could exploit these vulnerabilities by sending specially
+ crafted regular expressions to applications making use of the PCRE
+ library, which could possibly lead to the execution of arbitrary code,
+ a Denial of Service or the disclosure of sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All PCRE users should upgrade to the latest version:
+ </p>
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-7.3-r1"</code>
+ </resolution>
+ <references>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227">CVE-2006-7227</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228">CVE-2006-7228</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230">CVE-2006-7230</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659">CVE-2007-1659</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660">CVE-2007-1660</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661">CVE-2007-1661</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662">CVE-2007-1662</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766">CVE-2007-4766</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767">CVE-2007-4767</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768">CVE-2007-4768</uri>
+ </references>
+ <metadata tag="requester" timestamp="2007-11-09T10:23:13Z">
+ rbu
+ </metadata>
+ <metadata tag="submitter" timestamp="2007-11-20T00:43:59Z">
+ rbu
+ </metadata>
+ <metadata tag="bugReady" timestamp="2007-11-20T00:44:04Z">
+ rbu
+ </metadata>
+</glsa>