CVE-2015-2305

Published: 30 March 2015

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

From the Ubuntu security team

It was discovered that the regcomp implementation has a buffer overflow that affects vigor. An attacker could use this vulnerability to cause a denial of service (crash).

Priority

Medium

Status

Package Release Status
haskell-regex-posix
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not built)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(code not built)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
cups
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not built)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(code not built)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
ptlib
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
librcsb-core-wrapper
Upstream
Released (1.005-3)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.005-3)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.005-3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.005-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.005-3)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.005-3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
llvm-toolchain-3.5
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1:3.5.2-2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

llvm-toolchain-3.4
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
llvm-toolchain-3.6
Upstream
Released (1:3.6-1)
Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1:3.6.2-3ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:3.6-2ubuntu1~trusty2)
newlib
Upstream
Released (2.0.0-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.1.0-3)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.1.0-3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.1.0-3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.1.0-3)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(2.1.0-3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [2.1.0-3])
yap
Upstream
Released (6.2.2-3)
Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(6.2.2-3)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(6.2.2-3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
z88dk
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
efl
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not built)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(code not built)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

vnc4
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not built)
php5
Upstream
Released (5.6.6+dfsg-1)
Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.5.9+dfsg-1ubuntu4.9)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=fb04dcf6dbb48aecd8d2dc986806cb58c8ae5282
sma
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not built)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(code not built)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
vigor
Upstream
Released (0.016-24)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(0.016-24)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(0.016-24)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.016-24)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.016-24)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(0.016-24)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.016-24build0.14.04.1])
clamav
Upstream
Released (0.98.7)
Ubuntu 21.04 (Hirsute Hippo)
Released (0.98.7+dfsg-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)
Released (0.98.7+dfsg-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (0.98.7+dfsg-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.98.7+dfsg-0ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (0.98.7+dfsg-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (0.98.7+dfsg-0ubuntu0.14.04.1)
Patches:
Upstream: https://github.com/vrtadmin/clamav-devel/commit/0cc83247bcdac3b62da27d38490e3ec365d610ff
knews
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not built)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(code not built)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
nvi
Upstream
Released (1.81.6-13)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.81.6-13)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.81.6-13)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.81.6-13)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.81.6-13)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
alpine
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not built)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(code not built)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
openrpt
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
olsrd
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not built)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not built)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not built])
llvm-toolchain-snapshot
Upstream
Released (1:3.8~svn245286-1)
Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
radare2
Upstream
Released (1.1.0+dfsg-5)
Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.3.0+dfsg-2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.3.0+dfsg-2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.3.0+dfsg-2)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)