[Bug 1287614] CVE-2015-8383 pcre: Buffer overflow caused by repeated
conditional group (8.38/3)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1287614
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
Whiteboard|impact=moderate,public=2015 |impact=important,public=201
|1123,reported=20151128,sour |51123,reported=20151128,sou
|ce=oss-security,cvss2=5.8/A |rce=oss-security,cvss2=6.8/
|V:N/AC:M/Au:N/C:N/I:P/A:P,c |AV:N/AC:M/Au:N/C:P/I:P/A:P,
|we=CWE-120,rhel-5/pcre=nota |cwe=CWE-120,rhel-5/pcre=not
|ffected,rhel-6/pcre=notaffe |affected,rhel-6/pcre=notaff
|cted,rhel-7/pcre=notaffecte |ected,rhel-7/pcre=notaffect
|d,fedora-all/pcre=affected, |ed,fedora-all/pcre=affected
|fedora-all/mingw-pcre=affec |,fedora-all/mingw-pcre=affe
|ted,epel-7/mingw-pcre=affec |cted,epel-7/mingw-pcre=affe
|ted,rhel-6/glib2=notaffecte |cted,rhel-6/glib2=notaffect
|d,rhel-7/glib2=notaffected, |ed,rhel-7/glib2=notaffected
|fedora-all/glib2=notaffecte |,fedora-all/glib2=notaffect
|d,fedora-all/mingw-glib2=no |ed,fedora-all/mingw-glib2=n
|taffected,epel-7/mingw-glib |otaffected,epel-7/mingw-gli
|2=notaffected,rhel-7/virtuo |b2=notaffected,rhel-7/virtu
|so-opensource=notaffected,r |oso-opensource=notaffected,
|hscl-2/php54-php=notaffecte |rhscl-2/php54-php=notaffect
|d,rhscl-2/php55-php=notaffe |ed,rhscl-2/php55-php=notaff
|cted,rhscl-2/rh-php56-php=a |ected,rhscl-2/rh-php56-php=
|ffected,rhscl-2/rh-mariadb1 |affected,rhscl-2/rh-mariadb
|00-mariadb=affected,rhscl-2 |100-mariadb=affected,rhscl-
|/rh-mariadb101-mariadb=nota |2/rh-mariadb101-mariadb=not
|ffected,jbews-1/httpd=notaf |affected,jbews-1/httpd=nota
|fected,jbews-2/httpd=notaff |ffected,jbews-2/httpd=notaf
|ected,jbews-3/pcre=notaffec |fected,jbews-3/pcre=notaffe
|ted,directory_server_8/pcre |cted,directory_server_8/pcr
|=notaffected |e=notaffected
Severity|medium |high
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 11 months
[Bug 1285399] CVE-2015-2328 pcre: infinite recursion compiling
pattern with recursive reference in a group with indefinite repeat (8.36/20)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1285399
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|low |medium
Status|CLOSED |NEW
Resolution|WONTFIX |---
Whiteboard|impact=low,public=20140807, |impact=moderate,public=2014
|reported=20151125,source=os |0807,reported=20151125,sour
|s-security,cvss2=4.3/AV:N/A |ce=oss-security,cvss2=4.3/A
|C:M/Au:N/C:N/I:N/A:P,cwe=CW |V:N/AC:M/Au:N/C:N/I:N/A:P,c
|E-674,rhel-5/pcre=notaffect |we=CWE-674,rhel-5/pcre=nota
|ed,rhel-6/pcre=notaffected, |ffected,rhel-6/pcre=notaffe
|rhel-7/pcre=wontfix,fedora- |cted,rhel-7/pcre=affected,f
|all/pcre=notaffected,fedora |edora-all/pcre=notaffected,
|-all/mingw-pcre=notaffected |fedora-all/mingw-pcre=notaf
|,epel-7/mingw-pcre=affected |fected,epel-7/mingw-pcre=af
|,rhel-6/glib2=notaffected,r |fected,rhel-6/glib2=notaffe
|hel-7/glib2=wontfix,fedora- |cted,rhel-7/glib2=wontfix,f
|all/glib2=affected,fedora-a |edora-all/glib2=affected,fe
|ll/mingw-glib2=affected,epe |dora-all/mingw-glib2=affect
|l-7/mingw-glib2=affected,rh |ed,epel-7/mingw-glib2=affec
|el-7/virtuoso-opensource=no |ted,rhel-7/virtuoso-opensou
|taffected,rhscl-2/php54-php |rce=notaffected,rhscl-2/php
|=wontfix,rhscl-2/php55-php= |54-php=wontfix,rhscl-2/php5
|wontfix,rhscl-2/rh-php56-ph |5-php=wontfix,rhscl-2/rh-ph
|p=wontfix,rhscl-2/rh-mariad |p56-php=wontfix,rhscl-2/rh-
|b100-mariadb=notaffected,rh |mariadb100-mariadb=notaffec
|scl-2/rh-mariadb101-mariadb |ted,rhscl-2/rh-mariadb101-m
|=notaffected,jbews-1/httpd= |ariadb=notaffected,jbews-1/
|notaffected,jbews-2/httpd=n |httpd=notaffected,jbews-2/h
|otaffected,jbews-3/pcre=won |ttpd=notaffected,jbews-3/pc
|tfix,directory_server_8/pcr |re=wontfix,directory_server
|e=notaffected |_8/pcre=notaffected
Severity|low |medium
Keywords| |Reopened
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 11 months
[Bug 1301928] New: libxml2: out-of-bounds read in
htmlParseNameComplex()
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1301928
Bug ID: 1301928
Summary: libxml2: out-of-bounds read in htmlParseNameComplex()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex()
function:
http://seclists.org/oss-sec/2016/q1/199
A remote attacker could provide a specially crafted XML file that, when
processed by an application linked against libxml2, could cause the application
to disclose crash.
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 12 months
[Bug 1287614] CVE-2015-8383 pcre: Buffer overflow caused by repeated
conditional group (8.38/3)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1287614
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015
|1123,reported=20151128,sour |1123,reported=20151128,sour
|ce=oss-security,cvss2=5.8/A |ce=oss-security,cvss2=5.8/A
|V:N/AC:M/Au:N/C:N/I:P/A:P,c |V:N/AC:M/Au:N/C:N/I:P/A:P,c
|we=CWE-120,rhel-5/pcre=nota |we=CWE-120,rhel-5/pcre=nota
|ffected,rhel-6/pcre=notaffe |ffected,rhel-6/pcre=notaffe
|cted,rhel-7/pcre=notaffecte |cted,rhel-7/pcre=notaffecte
|d,fedora-all/pcre=affected, |d,fedora-all/pcre=affected,
|fedora-all/mingw-pcre=affec |fedora-all/mingw-pcre=affec
|ted,epel-7/mingw-pcre=affec |ted,epel-7/mingw-pcre=affec
|ted,rhel-6/glib2=notaffecte |ted,rhel-6/glib2=notaffecte
|d,rhel-7/glib2=notaffected, |d,rhel-7/glib2=notaffected,
|fedora-all/glib2=notaffecte |fedora-all/glib2=notaffecte
|d,fedora-all/mingw-glib2=no |d,fedora-all/mingw-glib2=no
|taffected,epel-7/mingw-glib |taffected,epel-7/mingw-glib
|2=notaffected,rhel-7/virtuo |2=notaffected,rhel-7/virtuo
|so-opensource=notaffected,r |so-opensource=notaffected,r
|hscl-2/php54-php=notaffecte |hscl-2/php54-php=notaffecte
|d,rhscl-2/php55-php=notaffe |d,rhscl-2/php55-php=notaffe
|cted,rhscl-2/rh-php56-php=n |cted,rhscl-2/rh-php56-php=a
|ew,rhscl-2/rh-mariadb100-ma |ffected,rhscl-2/rh-mariadb1
|riadb=new,rhscl-2/rh-mariad |00-mariadb=affected,rhscl-2
|b101-mariadb=notaffected,jb |/rh-mariadb101-mariadb=nota
|ews-1/httpd=notaffected,jbe |ffected,jbews-1/httpd=notaf
|ws-2/httpd=notaffected,jbew |fected,jbews-2/httpd=notaff
|s-3/pcre=notaffected,direct |ected,jbews-3/pcre=notaffec
|ory_server_8/pcre=notaffect |ted,directory_server_8/pcre
|ed |=notaffected
--
You are receiving this mail because:
You are on the CC list for the bug.
8 years