Ubuntu Local Security Checks : Ubuntu USN-581-1 (pcre3)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.60452

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-581-1 (pcre3)

Summary: Ubuntu USN-581-1 (pcre3)

Description:
The remote host is missing an update to pcre3
announced via advisory USN-581-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences. In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or automated
system in processing a malicious regular expression leading to a denial
of service or possibly arbitrary code execution.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libpcre3 7.4-0ubuntu0.6.06.2

Ubuntu 6.10:
libpcre3 7.4-0ubuntu0.6.10.2

Ubuntu 7.04:
libpcre3 7.4-0ubuntu0.7.04.2

Ubuntu 7.10:
libpcre3 7.4-0ubuntu0.7.10.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-581-1

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0674
Bugtraq: 20080228 rPSA-2008-0086-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/archive/1/488927/100/0/threaded
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/archive/1/492535/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Debian Security Information: DSA-1499 (Google Search)
http://www.debian.org/security/2008/dsa-1499
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
http://security.gentoo.org/glsa/glsa-200803-24.xml
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:053
SuSE Security Announcement: SUSE-SR:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
http://www.ubuntulinux.org/support/documentation/usn/usn-581-1
Cert/CC Advisory: TA09-218A
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
BugTraq ID: 27786
http://www.securityfocus.com/bid/27786
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1022674
http://secunia.com/advisories/36096
http://secunia.com/advisories/32746
http://www.vupen.com/english/advisories/2008/0570
http://www.vupen.com/english/advisories/2008/0592
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/28923
http://secunia.com/advisories/28960
http://secunia.com/advisories/28985
http://secunia.com/advisories/28996
http://secunia.com/advisories/28957
http://secunia.com/advisories/29027
http://secunia.com/advisories/29048
http://secunia.com/advisories/29175
http://secunia.com/advisories/29267
http://secunia.com/advisories/29282
http://secunia.com/advisories/30048
http://secunia.com/advisories/30345
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://www.vupen.com/english/advisories/2009/2172
XForce ISS Database: pcre-characterclass-bo(40505)
http://xforce.iss.net/xforce/xfdb/40505

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.60452
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-581-1 (pcre3)
Summary:	Ubuntu USN-581-1 (pcre3)
Description:	The remote host is missing an update to pcre3 announced via advisory USN-581-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or possibly arbitrary code execution. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.2 Ubuntu 6.10: libpcre3 7.4-0ubuntu0.6.10.2 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.2 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-581-1 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0674 Bugtraq: 20080228 rPSA-2008-0086-1 pcre (Google Search) http://www.securityfocus.com/archive/1/archive/1/488927/100/0/threaded Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/archive/1/492535/100/0/threaded http://www.openwall.com/lists/oss-security/2008/05/02/2 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html Debian Security Information: DSA-1499 (Google Search) http://www.debian.org/security/2008/dsa-1499 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html http://security.gentoo.org/glsa/glsa-200803-24.xml http://security.gentoo.org/glsa/glsa-200811-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:053 SuSE Security Announcement: SUSE-SR:2008:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://www.ubuntulinux.org/support/documentation/usn/usn-581-1 Cert/CC Advisory: TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html BugTraq ID: 27786 http://www.securityfocus.com/bid/27786 BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 http://www.securitytracker.com/id?1022674 http://secunia.com/advisories/36096 http://secunia.com/advisories/32746 http://www.vupen.com/english/advisories/2008/0570 http://www.vupen.com/english/advisories/2008/0592 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2780 http://secunia.com/advisories/28923 http://secunia.com/advisories/28960 http://secunia.com/advisories/28985 http://secunia.com/advisories/28996 http://secunia.com/advisories/28957 http://secunia.com/advisories/29027 http://secunia.com/advisories/29048 http://secunia.com/advisories/29175 http://secunia.com/advisories/29267 http://secunia.com/advisories/29282 http://secunia.com/advisories/30048 http://secunia.com/advisories/30345 http://secunia.com/advisories/31326 http://secunia.com/advisories/32222 http://www.vupen.com/english/advisories/2009/2172 XForce ISS Database: pcre-characterclass-bo(40505) http://xforce.iss.net/xforce/xfdb/40505
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com