CVE-2015-8985

Priority
Description
The pop_fail_stack function in the GNU C Library (aka glibc or libc6)
allows context-dependent attackers to cause a denial of service (assertion
failure and application crash) via vectors related to extended regular
expression processing.
Notes
sbeattiePoC testcase in upstream bug report
fix commit possibly introduced regression addressed by
bc680b336971305cb39896b30d72dc7101b62242
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.28)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):not-affected (2.28-0ubuntu1)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.28-0ubuntu1)
Ubuntu 20.04 (Focal Fossa):not-affected (2.28-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
More Information

Updated: 2019-12-05 19:26:31 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)