Hi all,

On Fri, Mar 25, 2016 at 08:18:34AM +0100, Pierre Chifflier wrote:
> On 03/24/2016 09:38 AM, Yves-Alexis Perez wrote:
> > control: affects -1 suricata
> > On Thu., 2016-03-24 at 07:20 +0100, Florian Weimer wrote:
> >> * Hilko Bengen:
> >>
> >>>
> >>> the original report may not have been 100% clear on this, but the bug is
> >>> the main cause of a vulnerability in Suricata (a network IDS/IPS) that
> >>> allows for remote denial of service, possibly remote code execution by
> >>> simply passing crafted packets by a Suricata installation.
> >> Without the complete test case, that's hard to tell.
> >>
> >> If we cannot reproduce this, perhaps Suricata (at least in stable)
> >> should not explicitly enable the PCRE JIT compiler?
> >
> > Adding Pierre (Suricata maintainer) to the loop then.
> >
>
> Hi,
>
> Is it the same bug on PCRE that was reported last year? If so, I have
> confirmed that it is reproducible in a mail to security@
> (<[email protected]>)
> The bug is in libpcre, see
> https://lists.exim.org/lurker/message/20140425.115921.793bec64.en.html
> for details, and
> http://vcs.pcre.org/pcre?view=revision&revision=1475
> for the upstream fix.
>
> It indeed affects programs using the JIT feature, that includes suricata.
Can you confirm that the packages at
https://people.debian.org/~carnil/tmp/pcre3/jessie/
also fix the case reported in #819050? The packages at the above link
contain the proposed fixes which I submitted for the next Jessie point
release and, on top of them, the r1475 commit from upstream. Can you
otherwise provide a complete test case for #819050?

Regards,
Salvatore

