On 03/24/2016 09:38 AM, Yves-Alexis Perez wrote:
> control: affects -1 suricata
> On jeu., 2016-03-24 at 07:20 +0100, Florian Weimer wrote:
>> * Hilko Bengen:
>>
>>> the original report may not have been 100% clear on this, but the bug is
>>> the main cause of a vulnerability in Suricata (a network IDS/IPS) that
>>> allows for remote denial of service, possibly remote code execution by
>>> simply passing crafted packets by a Suricata installation.
>> Without the complete test case, that's hard to tell.
>>
>> If we cannot reproduce this, perhaps Suricata (at least in stable)
>> should not explicitly enable the PCRE JIT compiler?
>
> Adding Pierre (Suricata maintainer) to the loop then.
>
Hi,

Is it the same bug in PCRE that was reported last year? If so, I have confirmed that it is reproducible in a mail to security@ (<564c6de1.9000...@debian.org>).

The bug is in libpcre; see https://lists.exim.org/lurker/message/20140425.115921.793bec64.en.html for details, and http://vcs.pcre.org/pcre?view=revision&revision=1475 for the upstream fix.

It indeed affects programs using the JIT feature, which includes Suricata.

Cheers,
Pierre