Debian Bug report logs -
#783285
pcre3: CVE-2015-2326: heap buffer overflow in pcre_compile2()
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 25 Apr 2015 08:39:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version pcre3/2:8.35-3.3
Fixed in versions pcre3/2:8.35-3.3+deb8u1, pcre3/2:8.35-7.2
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthew Vernon <matthew@debian.org>
:
Bug#783285
; Package src:pcre3
.
(Sat, 25 Apr 2015 08:39:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthew Vernon <matthew@debian.org>
.
(Sat, 25 Apr 2015 08:39:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: pcre3
Version: 2:8.35-3.3
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for pcre3.
CVE-2015-2326[0]:
heap buffer overflow in pcre_compile2()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
It seems to be caused as side effect from some refactoring between
8.33 and 8.35, and an invalid can be reproduced. Upstream report [1]
has a detailed explanation.
| ==15750== Memcheck, a memory error detector
| ==15750== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
| ==15750== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
| ==15750== Command: .libs/pcretest
| ==15750==
| PCRE version 8.35 2014-04-04
|
| re> /((?+1)(\1))/
| ==15750== Invalid read of size 1
| ==15750== at 0x4E3863D: could_be_empty_branch (pcre_compile.c:2395)
| ==15750== by 0x4E388CA: could_be_empty_branch (pcre_compile.c:2468)
| ==15750== by 0x4E388CA: could_be_empty_branch (pcre_compile.c:2468)
| ==15750== by 0x4E4523C: pcre_compile2 (pcre_compile.c:9462)
| ==15750== by 0x4E439B3: pcre_compile (pcre_compile.c:8734)
| ==15750== by 0x10EC7B: main (pcretest.c:4023)
| ==15750== Address 0x58a39a2 is 32,914 bytes inside an unallocated block of size 4,093,648 in arena "client"
| ==15750==
| data> abc
| No match
| data>
| ==15750==
| ==15750== HEAP SUMMARY:
| ==15750== in use at exit: 0 bytes in 0 blocks
| ==15750== total heap usage: 9 allocs, 9 frees, 133,767 bytes allocated
| ==15750==
| ==15750== All heap blocks were freed -- no leaks are possible
| ==15750==
| ==15750== For counts of detected and suppressed errors, rerun with: -v
| ==15750== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-2326
[1] http://bugs.exim.org/show_bug.cgi?id=1592
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>
:
Bug#783285
; Package src:pcre3
.
(Thu, 10 Sep 2015 20:06:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>
.
(Thu, 10 Sep 2015 20:06:06 GMT) (full text, mbox, link).
Message #10 received at 783285@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Matthew,
I worked on doing a NMU for pcre3 since it has accumulated some CVEs
which we as well would like see fixed in jessie via pu (and so needs
to be fixed first in unstable).
Current debdiff is attached, but note that I have explicitly not
(yet?) addressed as well
- CVE-2015-3217 / #787641
- #795539
- #796762
Do you plan to update to at least 8.37 fixing some of them, some other
are scheduled for 8.38 which is not yet released.
Regards,
Salvatore
[pcre3_8.35-7.2.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Added tag(s) patch.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Thu, 10 Sep 2015 20:33:14 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Fri, 11 Sep 2015 18:39:11 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 11 Sep 2015 18:39:11 GMT) (full text, mbox, link).
Message #17 received at 783285-close@bugs.debian.org (full text, mbox, reply):
Source: pcre3
Source-Version: 2:8.35-7.2
We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 783285@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated pcre3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Sep 2015 20:04:19 +0200
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0v5 libpcre3-dev libpcre3-dbg pcregrep libpcre16-3 libpcre32-3
Architecture: source
Version: 2:8.35-7.2
Distribution: unstable
Urgency: low
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 781795 783285 787433 794589
Description:
libpcre16-3 - Perl 5 Compatible Regular Expression Library - 16 bit runtime fil
libpcre3 - Perl 5 Compatible Regular Expression Library - runtime files
libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files (ude (udeb)
libpcre32-3 - Perl 5 Compatible Regular Expression Library - 32 bit runtime fil
libpcrecpp0v5 - Perl 5 Compatible Regular Expression Library - C++ runtime files
pcregrep - grep utility that uses perl 5 compatible regexes.
Changes:
pcre3 (2:8.35-7.2) unstable; urgency=low
.
* Non-maintainer upload (with maintainer's permission).
* Add Fix-compiler-crash-misbehaviour-for-zero-repeated-gr.patch.
Fixes "PCRE Library Stack Overflow Vulnerability" (Upstream bug 1503)
* Add Fix-compile-time-loop-for-recursive-reference-within.patch.
Fixes "PCRE Call Stack Overflow Vulnerability" (Upstream bug 1515)
* Add 794589-information-disclosure.patch.
Fixes "pcre_exec does not fill offsets for certain regexps" leading to
information disclosure. (Closes: #794589)
* Add Fix-bad-compile-for-groups-like-2-0-1999.patch.
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
* Add Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch.
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
* Add Fix-buffer-overflow-for-named-recursive-back-referen.patch.
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
compile_regex(). (Closes: #787433)
Checksums-Sha1:
d1afd74a080757a16f01c344b6d6195c6619f7a2 2074 pcre3_8.35-7.2.dsc
dd16fc1fa3c85fa3f5a313470af51ccec487a8d9 29105 pcre3_8.35-7.2.debian.tar.gz
Checksums-Sha256:
cb15b92f85a894cade62cf59892d989ace89d9c7500edda7ec8866a9acaea2f3 2074 pcre3_8.35-7.2.dsc
087754802f54f133a10576186ed4195d7cb39dfba0f2f9c94e20c31f13e25e9c 29105 pcre3_8.35-7.2.debian.tar.gz
Files:
7ce1fc5823e8125d4d8f1707a633dd1d 2074 libs optional pcre3_8.35-7.2.dsc
8254b0c3a0e9399a7a093537674fd185 29105 libs optional pcre3_8.35-7.2.debian.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJV8xmlAAoJEAVMuPMTQ89E1/YP/ix2ydDB9mMSm64KpcDWFAAe
vy8ojv2aEVM5h+S5eZv20Enx0oG9FORApm5J7R2FMjNNutAOc1zQxjoym8r6DkkD
vn2WK+OjOnEu7j78atM8QYoTG+kgC/thrT7Tn+hz+fjSHezvRXl4bGZ5x2oFvGmj
lgZTbc3dzY0WDXKZpy0WqsNshnyqcOqpZST81nT6XFwIyAqQryqHbM77j4VZ2vic
SsfETlOcxZCzYtzKh0pkVg7c9Xj0Tu+PWk5byUFynHdvPFnHqnADcy3Txnny46op
z427TSObS6cqhSAUkP1Mir7nGLS3eW1zSSiqPA/wDq9AjMvVPjKkgjrlRUCgNpQJ
haM8weHIIAlQblsv7zY67jBA0no/smVb4ig9d9PTWd0PDU26V28sHV2pS1AMvUOB
L0S+rhQw6EEX3C8sxcr3B0X6giPxiiqLFK8yqJbKyTsFKmCNNBh9maRBvW0BdWvX
Xn8B8kiD7kzVPLaxpt7xm85UtkeK9JWMCUEhrvN4ylAgt+CQAcfULNBeyZjC+S/v
xeJxYfITRB5WpwSVnzhf3Xx7XS4IBERLLXxWwqSyjDBun5XqPXyCzSPjAw1kvZ9X
G5QotasfCVPWgtkaGztKV5rYqJITNbnpSu87pVBdQ+EoL2L67F7qvI7bOydt9Xeu
pvl55R2tiFytxA0/axUf
=F5r0
-----END PGP SIGNATURE-----
Marked as fixed in versions pcre3/2:8.35-3.3+deb8u1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 28 Dec 2015 13:51:11 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 01 Feb 2016 07:41:22 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:31:51 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.