Your message dated Sat, 26 Mar 2016 17:47:08 +0000
with message-id <e1ajsim-0007rn...@franck.debian.org>
and subject line Bug#819050: fixed in pcre3 2:8.35-3.3+deb8u4
has caused the Debian Bug report #819050,
regarding libpcre3 segfaults on certain regex when jit is used
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
819050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libpcre3
Version: 2:8.35-3.3+deb8u2
Severity: serious

Dear Maintainer,

When investigating a segmentation fault in suricata it was shown that the crash
is caused by libpcre3 when pcre_exec of a certain regex is called.
Further investigations have shown that pcregrep using the regex also resulted
in a segfault.

pcregrep '\/(?:(?:s(?:ystem\/(?:logs|engine)\/[^\x2f]+?|e(?:rv(?:au|er)|ct)|gau\/.*?|alam|ucks|can|ke)|p(?:lugins\/content\/vote\/\.ssl\/[a-z0-9]|(?:rogcicic|atr)ic|osts?\/[a-z0-9]+)|(?=[a-z]*[0-9])(?=[0-9]*[a-z])(?!setup\d+\.exe$)[a-z0-9]{5,10}|a(?:d(?:min\/images\/\w+|obe)|(?:sala|kee)m|live)|(?:i(?:mage\/flags|nvoice)|xml\/load)\/[^\x2f]+|d(?:o(?:c(?:\/[a-z0-9]+)?|ne)|bust)|m(?:edia\/files\/\w+|arch)|~.+?\/\.[^\x2f]+\/.+?|c(?:onfig|hris|alc)|u(?:swinz\w+|pdate)|Ozonecrytedserver|w(?:or[dk]|insys)|fa(?:cture|soo)|n(?:otepad|ach)|k(?:be|ey|is)|(?:tes|ve)t|ArfBtxz|office|yhaooo|[a-z]|etna|link|\d+)\.exe$|(?:(?=[a-z0-9]*?[3456789][a-z0-9]*?[3456789])(?=[a-z0-9]*?[h-z])[a-z0-9]{3,31}\+|PasswordRecovery|RemoveWAT|Dejdisc|Host\d+|Msword)\.exe)' file
Segmentation fault

If the jit is disabled the crash does not happen

pcregrep --no-jit '\/(?:(?:s(?:ystem\/(?:logs|engine)\/[^\x2f]+?|e(?:rv(?:au|er)|ct)|gau\/.*?|alam|ucks|can|ke)|p(?:lugins\/content\/vote\/\.ssl\/[a-z0-9]|(?:rogcicic|atr)ic|osts?\/[a-z0-9]+)|(?=[a-z]*[0-9])(?=[0-9]*[a-z])(?!setup\d+\.exe$)[a-z0-9]{5,10}|a(?:d(?:min\/images\/\w+|obe)|(?:sala|kee)m|live)|(?:i(?:mage\/flags|nvoice)|xml\/load)\/[^\x2f]+|d(?:o(?:c(?:\/[a-z0-9]+)?|ne)|bust)|m(?:edia\/files\/\w+|arch)|~.+?\/\.[^\x2f]+\/.+?|c(?:onfig|hris|alc)|u(?:swinz\w+|pdate)|Ozonecrytedserver|w(?:or[dk]|insys)|fa(?:cture|soo)|n(?:otepad|ach)|k(?:be|ey|is)|(?:tes|ve)t|ArfBtxz|office|yhaooo|[a-z]|etna|link|\d+)\.exe$|(?:(?=[a-z0-9]*?[3456789][a-z0-9]*?[3456789])(?=[a-z0-9]*?[h-z])[a-z0-9]{3,31}\+|PasswordRecovery|RemoveWAT|Dejdisc|Host\d+|Msword)\.exe)' file

This can be used to remotely crash Suricata when used with the open emergingthreats rules which contain the above regex.

The crash no longer happens in stretch/sid, which has a newer pcre version.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

--- End Message ---
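
A regression check built on the report's observation that the crash occurs with JIT and disappears with `--no-jit`, for testing the regexes of a rule set against an installed pcregrep/libpcre3 build before deploying them. This is an added example, not part of the bug report or of Debian's tooling; the `PCREGREP` variable, the function names and the one-regex-per-line patterns file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the bug report): JIT regression check for regexes.
# Assumption: PCREGREP names the pcregrep binary to test; default is the one on PATH.
: "${PCREGREP:=pcregrep}"

# classify PATTERN FILE -> prints jit-crash | crash | mismatch | ok
# pcregrep exits 0 (match), 1 (no match) or 2 (error); a status above 128
# means the process died from a signal (139 = 128 + SIGSEGV).
classify() {
    jit=0; nojit=0
    "$PCREGREP" -q -e "$1" "$2" >/dev/null 2>&1 || jit=$?
    "$PCREGREP" --no-jit -q -e "$1" "$2" >/dev/null 2>&1 || nojit=$?
    if [ "$jit" -gt 128 ] && [ "$nojit" -le 128 ]; then echo jit-crash
    elif [ "$jit" -gt 128 ]; then echo crash
    elif [ "$jit" -ne "$nojit" ]; then echo mismatch
    else echo ok
    fi
}

# scan PATTERNS_FILE SAMPLE_FILE: one regex per line in PATTERNS_FILE.
# Prints "<verdict> line <n>" for each and returns 1 if any verdict is not ok.
scan() {
    n=0; bad=0
    while IFS= read -r pat || [ -n "$pat" ]; do
        n=$((n + 1))
        [ -n "$pat" ] || continue          # skip empty lines
        verdict=$(classify "$pat" "$2")
        echo "$verdict line $n"
        [ "$verdict" = ok ] || bad=1
    done < "$1"
    return "$bad"
}

# Run only when called with arguments: sh jitcheck.sh patterns.txt sample.txt
if [ "$#" -eq 2 ]; then scan "$1" "$2"; fi
```

A `jit-crash` verdict means the pattern needs the fixed library or JIT disabled in the consuming application; `mismatch` means the JIT and interpreter paths disagree on the exit status and the pattern deserves a closer look.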
--- Begin Message ---
Source: pcre3
Source-Version: 2:8.35-3.3+deb8u4

We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 819...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated pcre3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Mar 2016 19:58:10 +0100
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0 libpcre3-dev libpcre3-dbg pcregrep
Architecture: source
Version: 2:8.35-3.3+deb8u4
Distribution: jessie
Urgency: medium
Maintainer: Mark Baker <m...@mnb.org.uk>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 819050
Description: 
 libpcre3   - Perl 5 Compatible Regular Expression Library - runtime files
 libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
 libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
 libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files (udeb)
 libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
 pcregrep   - grep utility that uses perl 5 compatible regexes.
Changes:
 pcre3 (2:8.35-3.3+deb8u4) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * Add 0001-Fixed-an-issue-with-nested-table-jumps.patch.
     Fixes issue with nested table jumps. (Closes: #819050)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
