perl regex vulnerability - debian - pcre only?

Mike Astle astle at lokku.com
Tue Nov 6 12:59:29 GMT 2007


That don't look so good:

----

"[...] discovered a flaw in Perl's regular
expression engine. Specially crafted input to a regular expression can
cause Perl to improperly allocate memory, resulting in the possible
execution of arbitrary code with the permissions of the user running
Perl."

https://rhn.redhat.com/errata/RHSA-2007-0966.html

Also...

http://www.debian.org/security/2007/dsa-1399

----

I only see new pcre3 packages for debian.  Is this a problem with just 
pcre or perl itself?

-mike


More information about the london.pm mailing list