Pantek Library

Re: perl regex vulnerability - debian - pcre only?

From: <paddy(at)panici.net>
Date: Tue Nov 06 2007 - 12:10:46 EST


On Tue, Nov 06, 2007 at 12:59:29PM +0000, Mike Astle wrote:
> That don't look so good:
>
> ----
>
> "[...] discovered a flaw in Perl's regular
> expression engine. Specially crafted input to a regular expression can
> cause Perl to improperly allocate memory, resulting in the possible
> execution of arbitrary code with the permissions of the user running
> Perl."
>
> https://rhn.redhat.com/errata/RHSA-2007-0966.html
>
> Also...
>
> http://www.debian.org/security/2007/dsa-1399
>
> ----
>
> I only see new pcre3 packages for debian. Is this a problem with just
> pcre or perl itself?
>
> -mike

http://security-tracker.debian.net/tracker/CVE-2007-5116

is uninformative, but that is the CVE ID that Red Hat and others are referring to.

(Apologies for the cross-post. Please set follow-ups correctly according to proportions of Debian, security, Perl, beer, Buffy and a pony. Thank you.)

Regards,
Paddy

Received on Tue Nov 6 12:11:26 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:16 EDT

