perl regex vulnerability - debian - pcre only?

paddy@panici.net paddy at panici.net
Tue Nov 6 17:10:46 GMT 2007


On Tue, Nov 06, 2007 at 12:59:29PM +0000, Mike Astle wrote:
> That don't look so good:
> 
> ----
> 
> "[...] discovered a flaw in Perl's regular
> expression engine. Specially crafted input to a regular expression can
> cause Perl to improperly allocate memory, resulting in the possible
> execution of arbitrary code with the permissions of the user running
> Perl."
> 
> https://rhn.redhat.com/errata/RHSA-2007-0966.html
> 
> Also...
> 
> http://www.debian.org/security/2007/dsa-1399
> 
> ----
> 
> I only see new pcre3 packages for debian.  Is this a problem with just 
> pcre or perl itself?
> 
> -mike

http://security-tracker.debian.net/tracker/CVE-2007-5116

is uninformative, but that is the CVE ID that Red Hat and others are
referring to.

(Apologies for the cross-post.  Please set follow-ups correctly 
according to proportions of debian, security, perl, beer, buffy
and a pony.  Thank you.)

Regards,
Paddy


