[CVE-2008-2371] Heap overflow in PCRE leading to arbitrary code execution

Bug #245934 reported by Till Ulen
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| pcre3 (Debian) | Fix Released | Unknown | | |
| pcre3 (Ubuntu) | Fix Released | Low | Kees Cook | |

Bug Description

CVE-2008-2371 description from Debian security advisory DSA-1602-1:

"Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular
Expression library, may encounter a heap overflow condition when
compiling certain regular expressions involving in-pattern options and
branches, potentially leading to arbitrary code execution."

http://www.debian.org/security/2008/dsa-1602

Changed in pcre3:
status: Unknown → Fix Released
Changed in pcre3:
status: New → Confirmed
Kees Cook (kees) wrote:

Thanks for the report. This update has been released now: http://www.ubuntu.com/usn/usn-624-1

Changed in pcre3:
assignee: nobody → kees
importance: Undecided → Low
status: Confirmed → Fix Released