~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2015-12-01
Candidate: CVE-2015-8381
PublicDate: 2015-12-01
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8381
 http://www.openwall.com/lists/oss-security/2015/08/24/1
 http://www.openwall.com/lists/oss-security/2015/08/05/3
 http://www.openwall.com/lists/oss-security/2015/11/29/1
 http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup
 http://www.ubuntu.com/usn/usn-2943-1
Description:
 The compile_regex function in pcre_compile.c in PCRE before 8.38 and
 pcre2_compile.c in PCRE2 before 10.2x mishandles the
 /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and
 /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
 patterns, and related patterns with certain group references, which allows
 remote attackers to cause a denial of service (heap-based buffer overflow)
 or possibly have unspecified other impact via a crafted regular expression,
 as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Ubuntu-Description:
Notes:
 tyhicks> Marking 'low' since it requires PCRE to operate on untrusted regular
  expressions which is not very likely
 mdeslaur> introduced in 8.34
 mdeslaur>
 mdeslaur> 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
 mdeslaur> in jessie
Bugs:
 https://launchpad.net/bugs/1549609
 https://bugs.exim.org/show_bug.cgi?id=1667
 https://bugs.exim.org/show_bug.cgi?id=1672
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795539
 https://bugzilla.redhat.com/show_bug.cgi?id=1250943
Priority: low
Discovered-by: Wen Guanxing
Assigned-to:

Patches_pcre3:
 upstream: http://vcs.pcre.org/pcre?view=revision&revision=1594
upstream_pcre3: released (8.38)
precise_pcre3: not-affected
precise/esm_pcre3: not-affected
trusty_pcre3: not-affected (reproducer doesn't work)
vivid_pcre3: ignored (reached end-of-life)
vivid/stable-phone-overlay_pcre3: pending (2:8.35-3.3ubuntu1.3)
vivid/ubuntu-core_pcre3: released (2:8.35-3.3ubuntu1.2)
wily_pcre3: released (2:8.35-7.1ubuntu1.3)
xenial_pcre3: not-affected (2:8.38-3)
yakkety_pcre3: not-affected (2:8.38-3)
zesty_pcre3: not-affected (2:8.38-3)
devel_pcre3: not-affected (2:8.38-3)

Patches_pcre2:
upstream_pcre2: released (10.20-3)
precise_pcre2: DNE
precise/esm_pcre2: DNE
trusty_pcre2: DNE
vivid_pcre2: DNE
vivid/stable-phone-overlay_pcre2: DNE
vivid/ubuntu-core_pcre2: DNE
wily_pcre2: DNE
xenial_pcre2: not-affected (10.20-3)
yakkety_pcre2: not-affected (10.20-3)
zesty_pcre2: not-affected (10.20-3)
devel_pcre2: not-affected (10.20-3)