Bug 20546 - pcre2 new security issues CVE-2017-7186 and CVE-2017-8786
Summary: pcre2 new security issues CVE-2017-7186 and CVE-2017-8786
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Olav Vitters
QA Contact: Sec team
Reported: 2017-03-21 00:49 CET by David Walser
Modified: 2017-05-07 18:04 CEST

Source RPM: pcre2-10.23-1.mga6.src.rpm
CVE: CVE-2017-7186

Description David Walser 2017-03-21 00:49:57 CET
A security issue fixed upstream in pcre2 has been announced:
http://openwall.com/lists/oss-security/2017/03/20/4

The commits that fixed the issue are linked in the message above and the fix will be included in 10.24.

Comment 1 Marja Van Waes 2017-03-21 07:46:14 CET
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => olav

Comment 2 David Walser 2017-04-23 00:25:24 CEST
Fedora has issued an advisory for CVE-2017-7186 on April 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQ6PIE4TXTZQP7KMWCXA4KI6BZQOGEPM/

Nicolas Lécureuil 2017-04-25 16:40:51 CEST

CVE: (none) => CVE-2017-7186
CC: (none) => mageia

Comment 3 Nicolas Lécureuil 2017-04-25 16:44:22 CEST
Fixed in cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2017-05-07 18:04:04 CEST
pcre2-10.23-Previous-patch-was-not-quite-complete.patch added in this update fixed CVE-2017-8786:
http://openwall.com/lists/oss-security/2017/05/07/1

Summary: pcre2 new security issue CVE-2017-7186 => pcre2 new security issues CVE-2017-7186 and CVE-2017-8786
