English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 147413 CVE descriptions
and 71685 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: pcre security update
Advisory ID:       RHSA-2007:1068-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1068.html
Issue date:        2007-11-29
Updated on:        2007-11-29
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-7225 CVE-2006-7226 CVE-2006-7228 
                   CVE-2006-7230 CVE-2007-1659 
- ---------------------------------------------------------------------

1. Summary:

Updated pcre packages that resolve several security issues are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may have been possible to run
arbitrary code as the user running the application.
(CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659)

Users of PCRE are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Red Hat would like to thank Ludwig Nussel for reporting these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

315871 - CVE-2007-1659 pcre regular expression flaws
383371 - CVE-2006-7228 pcre integer overflow
384761 - CVE-2006-7225 pcre miscalculation of memory requirements for malformed Posix character class
384781 - CVE-2006-7226 pcre miscalculation of memory requirements for repeated subpattern containing a named recursion or subroutine reference
384801 - CVE-2006-7230 pcre miscalculation of memory requirements if options are changed during pattern compilation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pcre-4.5-4.el4_6.6.src.rpm
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

ia64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
33f4eab971ef408facd1641eabaa467a  pcre-4.5-4.el4_6.6.ia64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
e5a27c2bddd2644641b1ad235508fbda  pcre-debuginfo-4.5-4.el4_6.6.ia64.rpm
6dfe274bd09371d8e0de10c5cc92bc26  pcre-devel-4.5-4.el4_6.6.ia64.rpm

ppc:
47acc99aadd1698c477beb54465e13f9  pcre-4.5-4.el4_6.6.ppc.rpm
c7bc58a2b1b45cba707f6e32f6b5182b  pcre-4.5-4.el4_6.6.ppc64.rpm
91d3d8000f09f9f3c8da971773718f24  pcre-debuginfo-4.5-4.el4_6.6.ppc.rpm
3efa974cd8f22041f71552ae295fc477  pcre-debuginfo-4.5-4.el4_6.6.ppc64.rpm
ffc58e305b91c427bab0f1d536bf8e3a  pcre-devel-4.5-4.el4_6.6.ppc.rpm

s390:
db4e05d53ed8fb12030d2f6684d9d869  pcre-4.5-4.el4_6.6.s390.rpm
4c60f3a6fa76de879ace31d7c635b68f  pcre-debuginfo-4.5-4.el4_6.6.s390.rpm
28d5cef76bf6ad728e777cd80e0e6628  pcre-devel-4.5-4.el4_6.6.s390.rpm

s390x:
db4e05d53ed8fb12030d2f6684d9d869  pcre-4.5-4.el4_6.6.s390.rpm
934cdcaa114cd70bf10f089fff41fea1  pcre-4.5-4.el4_6.6.s390x.rpm
4c60f3a6fa76de879ace31d7c635b68f  pcre-debuginfo-4.5-4.el4_6.6.s390.rpm
fc3a110b4cd548dc04590636f57c28ea  pcre-debuginfo-4.5-4.el4_6.6.s390x.rpm
f8589e25f1c60407ae174a941b3fa51f  pcre-devel-4.5-4.el4_6.6.s390x.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pcre-4.5-4.el4_6.6.src.rpm
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pcre-4.5-4.el4_6.6.src.rpm
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

ia64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
33f4eab971ef408facd1641eabaa467a  pcre-4.5-4.el4_6.6.ia64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
e5a27c2bddd2644641b1ad235508fbda  pcre-debuginfo-4.5-4.el4_6.6.ia64.rpm
6dfe274bd09371d8e0de10c5cc92bc26  pcre-devel-4.5-4.el4_6.6.ia64.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pcre-4.5-4.el4_6.6.src.rpm
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

ia64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
33f4eab971ef408facd1641eabaa467a  pcre-4.5-4.el4_6.6.ia64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
e5a27c2bddd2644641b1ad235508fbda  pcre-debuginfo-4.5-4.el4_6.6.ia64.rpm
6dfe274bd09371d8e0de10c5cc92bc26  pcre-devel-4.5-4.el4_6.6.ia64.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHTtY1XlSAg2UNWIIRAikxAJ9OELYnFxcI0Y1oBXxErFmXwA1qUQCguVY1
7EQaFgPnBgKIqdZL0S7M/Xo=
=JPO8
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.