[CVE-2008-1927] Perl 5.8.8 vulnerability via UTF-8 regular expression
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Debian | Fix Released | Unknown | | |
perl (Ubuntu) | Fix Released | Undecided | Unassigned | |
Dapper | Fix Released | Low | Unassigned | |
Feisty | Fix Released | Low | Unassigned | |
Gutsy | Fix Released | Low | Unassigned | |
Hardy | Fix Released | Low | Unassigned | |

Bug Description
Binary package hint: perl
From the National Vulnerability Database, CVE-2008-1927:
"Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems."
From the Debian security advisory DSA-1556-1:
"It has been discovered that the Perl interpreter may encounter a buffer
overflow condition when compiling certain regular expressions containing
Unicode characters. This also happens if the offending characters are
contained in a variable reference protected by the \Q...\E quoting
construct. When encountering this condition, the Perl interpreter
typically crashes, but arbitrary code execution cannot be ruled out."
References:
http://
http://
http://
Changed in perl:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Hi
Does anybody know if this is also biting dapper 6.06 LTS? It has perl 5.8.7, though.
thx /markus