Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-2305

Published: 30 March 2015

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

From the Ubuntu Security Team

It was discovered that regcomp implementation has a buffer overflow that affects vigor. An attacker could use this vulnerability to cause a denial of service (crash).

Priority

Medium

Status

Package Release Status
alpine
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
kinetic Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
lunar Not vulnerable
(code not built)
mantic Not vulnerable
(code not built)
precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
clamav
Launchpad, Ubuntu, Debian
artful
Released (0.98.7+dfsg-0ubuntu1)
bionic
Released (0.98.7+dfsg-0ubuntu1)
cosmic
Released (0.98.7+dfsg-0ubuntu1)
disco
Released (0.98.7+dfsg-0ubuntu1)
eoan
Released (0.98.7+dfsg-0ubuntu1)
focal
Released (0.98.7+dfsg-0ubuntu1)
groovy
Released (0.98.7+dfsg-0ubuntu1)
hirsute
Released (0.98.7+dfsg-0ubuntu1)
impish
Released (0.98.7+dfsg-0ubuntu1)
jammy
Released (0.98.7+dfsg-0ubuntu1)
kinetic
Released (0.98.7+dfsg-0ubuntu1)
lucid Ignored
(end of life)
lunar
Released (0.98.7+dfsg-0ubuntu1)
mantic
Released (0.98.7+dfsg-0ubuntu1)
precise
Released (0.98.7+dfsg-0ubuntu0.12.04.1)
trusty
Released (0.98.7+dfsg-0ubuntu0.14.04.1)
upstream
Released (0.98.7)
utopic
Released (0.98.7+dfsg-0ubuntu0.14.10.1)
vivid
Released (0.98.7+dfsg-0ubuntu0.15.04.1)
wily
Released (0.98.7+dfsg-0ubuntu1)
xenial
Released (0.98.7+dfsg-0ubuntu1)
yakkety
Released (0.98.7+dfsg-0ubuntu1)
zesty
Released (0.98.7+dfsg-0ubuntu1)
Patches:
upstream: https://github.com/vrtadmin/clamav-devel/commit/0cc83247bcdac3b62da27d38490e3ec365d610ff

cups
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
kinetic Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
lunar Not vulnerable
(code not built)
mantic Not vulnerable
(code not built)
precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
efl
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
kinetic Not vulnerable
(code not built)
lucid Does not exist

lunar Not vulnerable
(code not built)
mantic Not vulnerable
(code not built)
precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
haskell-regex-posix
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
kinetic Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
lunar Not vulnerable
(code not built)
mantic Not vulnerable
(code not built)
precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
knews
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
kinetic Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
lunar Not vulnerable
(code not built)
mantic Not vulnerable
(code not built)
precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
librcsb-core-wrapper
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.005-3)
bionic Not vulnerable
(1.005-3)
cosmic Not vulnerable
(1.005-3)
disco Not vulnerable
(1.005-3)
eoan Not vulnerable
(1.005-3)
focal Not vulnerable
(1.005-3)
groovy Not vulnerable
(1.005-3)
hirsute Not vulnerable
(1.005-3)
impish Not vulnerable
(1.005-3)
jammy Not vulnerable
(1.005-3)
kinetic Not vulnerable
(1.005-3)
lucid Does not exist

lunar Not vulnerable
(1.005-3)
mantic Not vulnerable
(1.005-3)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.005-3)
utopic Ignored
(end of life)
vivid Not vulnerable
(1.005-3)
wily Not vulnerable
(1.005-3)
xenial Not vulnerable
(1.005-3)
yakkety Not vulnerable
(1.005-3)
zesty Not vulnerable
(1.005-3)
llvm-toolchain-3.4
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Does not exist

lunar Does not exist

mantic Does not exist

precise Ignored
(end of life)
trusty Does not exist
(trusty was needed)
upstream Needed

utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

llvm-toolchain-3.5
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Does not exist

lunar Does not exist

mantic Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Not vulnerable
(1:3.5.2-2)
xenial Not vulnerable
(1:3.5.2-2)
yakkety Not vulnerable
(1:3.5.2-2)
zesty Does not exist

llvm-toolchain-3.6
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Does not exist

lunar Does not exist

mantic Does not exist

precise Does not exist

trusty Not vulnerable
(1:3.6-2ubuntu1~trusty2)
upstream
Released (1:3.6-1)
utopic Does not exist

vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Not vulnerable
(1:3.6.2-3ubuntu2)
yakkety Ignored
(end of life)
zesty Does not exist

llvm-toolchain-snapshot
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Does not exist

lunar Does not exist

mantic Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1:3.8~svn245286-1)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

newlib
Launchpad, Ubuntu, Debian
artful Ignored
(end of life)
bionic Not vulnerable
(2.1.0-3)
cosmic Not vulnerable
(2.1.0-3)
disco Not vulnerable
(2.1.0-3)
eoan Not vulnerable
(2.1.0-3)
focal Not vulnerable
(2.1.0-3)
groovy Not vulnerable
(2.1.0-3)
hirsute Not vulnerable
(2.1.0-3)
impish Not vulnerable
(2.1.0-3)
jammy Not vulnerable
(2.1.0-3)
kinetic Not vulnerable
(2.1.0-3)
lucid Ignored
(end of life)
lunar Not vulnerable
(2.1.0-3)
mantic Not vulnerable
(2.1.0-3)
precise Ignored
(end of life)
trusty Does not exist
(trusty was not-affected [2.1.0-3])
upstream
Released (2.0.0-1)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Not vulnerable
(2.1.0-3)
yakkety Ignored
(end of life)
zesty Ignored
(end of life)
nvi
Launchpad, Ubuntu, Debian
artful Ignored
(end of life)
bionic Not vulnerable
(1.81.6-13)
cosmic Not vulnerable
(1.81.6-13)
disco Not vulnerable
(1.81.6-13)
eoan Not vulnerable
(1.81.6-13)
focal Not vulnerable
(1.81.6-13)
groovy Not vulnerable
(1.81.6-13)
hirsute Not vulnerable
(1.81.6-13)
impish Not vulnerable
(1.81.6-13)
jammy Not vulnerable
(1.81.6-13)
kinetic Not vulnerable
(1.81.6-13)
lucid Ignored
(end of life)
lunar Not vulnerable
(1.81.6-13)
mantic Not vulnerable
(1.81.6-13)
precise Ignored
(end of life)
trusty Does not exist
(trusty was needed)
upstream
Released (1.81.6-13)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Needed

yakkety Ignored
(end of life)
zesty Ignored
(end of life)
olsrd
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Not vulnerable
(code not built)
lunar Does not exist

mantic Does not exist

precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
openrpt
Launchpad, Ubuntu, Debian
artful Ignored
(end of life)
bionic Needed

cosmic Ignored
(end of life)
disco Ignored
(end of life)
eoan Ignored
(end of life)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Does not exist

lunar Does not exist

mantic Does not exist

precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needed

utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Needed

yakkety Ignored
(end of life)
zesty Ignored
(end of life)
php5
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid
Released (5.3.2-1ubuntu4.30)
lunar Does not exist

mantic Does not exist

precise
Released (5.3.10-1ubuntu3.18)
trusty
Released (5.5.9+dfsg-1ubuntu4.9)
upstream
Released (5.6.6+dfsg-1)
utopic
Released (5.5.12+dfsg-2ubuntu4.4)
vivid
Released (5.6.4+dfsg-4ubuntu4)
wily
Released (5.6.4+dfsg-4ubuntu4)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

Patches:

upstream: http://git.php.net/?p=php-src.git;a=commit;h=fb04dcf6dbb48aecd8d2dc986806cb58c8ae5282
ptlib
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Not vulnerable
(code not built)
lunar Does not exist

mantic Does not exist

precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
radare2
Launchpad, Ubuntu, Debian
artful Ignored
(end of life)
bionic Not vulnerable
(2.3.0+dfsg-2)
cosmic Not vulnerable
(2.3.0+dfsg-2)
disco Not vulnerable
(2.3.0+dfsg-2)
eoan Not vulnerable
(2.3.0+dfsg-2)
focal Not vulnerable
(2.3.0+dfsg-2)
groovy Not vulnerable
(2.3.0+dfsg-2)
hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Does not exist

lunar Ignored
(end of life, was needs-triage)
mantic Not vulnerable
(5.5.0+dfsg-1ubuntu1)
precise Ignored
(end of life)
trusty Does not exist
(trusty was needed)
upstream
Released (1.1.0+dfsg-5)
utopic Ignored
(end of life)
vivid Ignored
(end of life)
wily Ignored
(end of life)
xenial Needed

yakkety Ignored
(end of life)
zesty Ignored
(end of life)
sma
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Not vulnerable
(code not built)
groovy Not vulnerable
(code not built)
hirsute Not vulnerable
(code not built)
impish Not vulnerable
(code not built)
jammy Not vulnerable
(code not built)
kinetic Not vulnerable
(code not built)
lucid Not vulnerable
(code not built)
lunar Not vulnerable
(code not built)
mantic Not vulnerable
(code not built)
precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
vigor
Launchpad, Ubuntu, Debian
artful Not vulnerable
(0.016-24)
bionic Not vulnerable
(0.016-24)
cosmic Not vulnerable
(0.016-24)
disco Not vulnerable
(0.016-24)
eoan Not vulnerable
(0.016-24)
focal Not vulnerable
(0.016-24)
groovy Not vulnerable
(0.016-24)
hirsute Not vulnerable
(0.016-24)
impish Not vulnerable
(0.016-24)
jammy Not vulnerable
(0.016-24)
kinetic Not vulnerable
(0.016-24)
lucid Ignored
(end of life)
lunar Not vulnerable
(0.016-24)
mantic Not vulnerable
(0.016-24)
precise Ignored
(end of life)
trusty
Released (0.016-24build0.14.04.1)
upstream
Released (0.016-24)
utopic Ignored
(end of life)
vivid Not vulnerable
(0.016-24)
wily Not vulnerable
(0.016-24)
xenial Not vulnerable
(0.016-24)
yakkety Not vulnerable
(0.016-24)
zesty Not vulnerable
(0.016-24)
vnc4
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Not vulnerable
(code not built)
cosmic Not vulnerable
(code not built)
disco Not vulnerable
(code not built)
eoan Not vulnerable
(code not built)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Not vulnerable
(code not built)
lunar Does not exist

mantic Does not exist

precise Not vulnerable
(code not built)
trusty Not vulnerable
(code not built)
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)
yap
Launchpad, Ubuntu, Debian
artful Not vulnerable
(6.2.2-3)
bionic Not vulnerable
(6.2.2-3)
cosmic Not vulnerable
(6.2.2-3)
disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Ignored
(end of life)
lunar Does not exist

mantic Does not exist

precise Ignored
(end of life)
trusty Does not exist
(trusty was needed)
upstream
Released (6.2.2-3)
utopic Ignored
(end of life)
vivid Not vulnerable
(6.2.2-3)
wily Not vulnerable
(6.2.2-3)
xenial Not vulnerable
(6.2.2-3)
yakkety Not vulnerable
(6.2.2-3)
zesty Not vulnerable
(6.2.2-3)
z88dk
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not built)
bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lucid Not vulnerable
(code not built)
lunar Does not exist

mantic Does not exist

precise Not vulnerable
(code not built)
trusty Does not exist
(trusty was not-affected [code not built])
upstream Needs triage

utopic Not vulnerable
(code not built)
vivid Not vulnerable
(code not built)
wily Not vulnerable
(code not built)
xenial Not vulnerable
(code not built)
yakkety Not vulnerable
(code not built)
zesty Not vulnerable
(code not built)