Gentoo Archives: gentoo-commits

From: "Pierre-Yves Rofes (py)" <py@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-30.xml
Date: Tue, 20 Nov 2007 21:37:52
Message-Id: E1Iuamw-0007cG-CS@stork.gentoo.org
1 py 07/11/20 21:37:46
2
3 Added: glsa-200711-30.xml
4 Log:
5 GLSA 200711-30
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200711-30.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-30.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-30.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200711-30.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200711-30">
21 <title>PCRE: Multiple vulnerabilities</title>
22 <synopsis>
23 PCRE is vulnerable to multiple buffer overflow and memory corruption
24 vulnerabilities, possibly leading to the execution of arbitrary code.
25 </synopsis>
26 <product type="ebuild">libpcre</product>
27 <announced>November 20, 2007</announced>
28 <revised>November 20, 2007: 01</revised>
29 <bug>198198</bug>
30 <access>remote</access>
31 <affected>
32 <package name="dev-libs/libpcre" auto="yes" arch="*">
33 <unaffected range="ge">7.3-r1</unaffected>
34 <vulnerable range="lt">7.3-r1</vulnerable>
35 </package>
36 </affected>
37 <background>
38 <p>
39 PCRE is a library providing functions for Perl-compatible regular
40 expressions.
41 </p>
42 </background>
43 <description>
44 <p>
45 Tavis Ormandy (Google Security) discovered multiple vulnerabilities in
46 PCRE. He reported an error when processing "\Q\E" sequences with
47 unmatched "\E" codes that can lead to the compiled bytecode being
48 corrupted (CVE-2007-1659). PCRE does not properly calculate sizes for
49 unspecified "multiple forms of character class", which triggers a
50 buffer overflow (CVE-2007-1660). Further improper calculations of
51 memory boundaries were reported when matching certain input bytes
52 against regex patterns in non UTF-8 mode (CVE-2007-1661) and when
53 searching for unmatched brackets or parentheses (CVE-2007-1662).
54 Multiple integer overflows when processing escape sequences may lead to
55 invalid memory read operations or potentially cause heap-based buffer
56 overflows (CVE-2007-4766). PCRE does not properly handle "\P" and
57 "\P{x}" sequences which can lead to heap-based buffer overflows or
58 trigger the execution of infinite loops (CVE-2007-4767), PCRE is also
59 prone to an error when optimizing character classes containing a
60 singleton UTF-8 sequence which might lead to a heap-based buffer
61 overflow (CVE-2007-4768).
62 </p>
63 <p>
64 Chris Evans also reported multiple integer overflow vulnerabilities in
65 PCRE when processing a large number of named subpatterns ("name_count")
66 or long subpattern names ("max_name_size") (CVE-2006-7227), and via
67 large "min", "max", or "duplength" values (CVE-2006-7228) both possibly
68 leading to buffer overflows. Another vulnerability was reported when
69 compiling patterns where the "-x" or "-i" UTF-8 options change within
70 the pattern, which might lead to improper memory calculations
71 (CVE-2006-7230).
72 </p>
73 </description>
74 <impact type="normal">
75 <p>
76 An attacker could exploit these vulnerabilities by sending specially
77 crafted regular expressions to applications making use of the PCRE
78 library, which could possibly lead to the execution of arbitrary code,
79 a Denial of Service or the disclosure of sensitive information.
80 </p>
81 </impact>
82 <workaround>
83 <p>
84 There is no known workaround at this time.
85 </p>
86 </workaround>
87 <resolution>
88 <p>
89 All PCRE users should upgrade to the latest version:
90 </p>
91 <code>
92 # emerge --sync
93 # emerge --ask --oneshot --verbose &quot;&gt;=dev-libs/libpcre-7.3-r1&quot;</code>
94 </resolution>
95 <references>
96 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227">CVE-2006-7227</uri>
97 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228">CVE-2006-7228</uri>
98 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230">CVE-2006-7230</uri>
99 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659">CVE-2007-1659</uri>
100 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660">CVE-2007-1660</uri>
101 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661">CVE-2007-1661</uri>
102 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662">CVE-2007-1662</uri>
103 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766">CVE-2007-4766</uri>
104 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767">CVE-2007-4767</uri>
105 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768">CVE-2007-4768</uri>
106 </references>
107 <metadata tag="requester" timestamp="Fri, 09 Nov 2007 10:23:13 +0000">
108 rbu
109 </metadata>
110 <metadata tag="submitter" timestamp="Tue, 20 Nov 2007 00:43:59 +0000">
111 rbu
112 </metadata>
113 <metadata tag="bugReady" timestamp="Tue, 20 Nov 2007 00:44:04 +0000">
114 rbu
115 </metadata>
116 </glsa>
117
118
119
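Review bot: The <impact> paragraph names only "specially crafted regular expressions" as the attack vector, but the <description> says CVE-2007-1661 is reached "when matching certain input bytes against regex patterns", so applications that run their own fixed patterns over untrusted input are also in scope. Suggest wording the impact as "specially crafted regular expressions or input" so that readers who never accept patterns from users do not conclude they are unaffected. Separately, in the first <description> paragraph the CVE-2007-4767 sentence runs into the next one with a comma ("(CVE-2007-4767), PCRE is also prone"); end it with a period.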
120 --
121 gentoo-commits@g.o mailing list