Turbolinux Local Security Tests : Turbolinux TLSA-2005-92 (pcre)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 105790 CVE descriptions and 56160 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.55505

Category: Turbolinux Local Security Tests

Title: Turbolinux TLSA-2005-92 (pcre)

Summary: Turbolinux TLSA-2005-92 (pcre)

Description: Description:

The remote host is missing an update to pcre
announced via advisory TLSA-2005-92.

The PCRE library is a set of functions that implement regular expression
pattern matching using the same syntax and semantics as Perl 5, with just
a few differences. The current implementation corresponds to Perl 5.005,
with some additional features from later versions. This includes some
experimental, incomplete support for UTF-8 encoded strings.

The integer overflow vulnerabilities exist in pcre.

The pcre allows attackers to execute arbitrary code via quantifier values
in regular expressions, which leads to a heap-based buffer overflow.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-92

Risk factor : High

CVSS Score:
7.5

Cross-Ref: BugTraq ID: 15647
BugTraq ID: 14620
Common Vulnerability Exposure (CVE) ID: CVE-2005-2491
http://docs.info.apple.com/article.html?artnum=302847
Debian Security Information: DSA-800 (Google Search)
http://www.debian.org/security/2005/dsa-800
Debian Security Information: DSA-817 (Google Search)
http://www.debian.org/security/2005/dsa-817
Debian Security Information: DSA-819 (Google Search)
http://www.debian.org/security/2005/dsa-819
Debian Security Information: DSA-821 (Google Search)
http://www.debian.org/security/2005/dsa-821
http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
HPdes Security Advisory: HPSBUX02074
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
HPdes Security Advisory: SSRT051251
HPdes Security Advisory: HPSBMA02159
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
HPdes Security Advisory: SSRT061238
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.redhat.com/support/errata/RHSA-2005-761.html
http://www.redhat.com/support/errata/RHSA-2006-0197.html
http://marc.info/?l=bugtraq&m=112606064317223&w=2
http://www.redhat.com/support/errata/RHSA-2005-358.html
SCO Security Bulletin: SCOSA-2006.10
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
SuSE Security Announcement: SUSE-SA:2005:051 (Google Search)
http://marc.info/?l=bugtraq&m=112605112027335&w=2
SuSE Security Announcement: SUSE-SA:2005:048 (Google Search)
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
SuSE Security Announcement: SUSE-SA:2005:049 (Google Search)
http://www.novell.com/linux/security/advisories/2005_49_php.html
SuSE Security Announcement: SUSE-SA:2005:052 (Google Search)
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.securityfocus.com/bid/14620
http://www.securityfocus.com/bid/15647
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11516
http://www.vupen.com/english/advisories/2005/1511
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/4320
http://www.vupen.com/english/advisories/2006/4502
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1496
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1659
http://securitytracker.com/id?1014744
http://secunia.com/advisories/17813
http://secunia.com/advisories/16502
http://secunia.com/advisories/16679
http://secunia.com/advisories/19072
http://secunia.com/advisories/19193
http://secunia.com/advisories/17252
http://secunia.com/advisories/19532
http://secunia.com/advisories/21522
http://secunia.com/advisories/22691
http://secunia.com/advisories/22875
http://securityreason.com/securityalert/604

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 56160 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.55505
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2005-92 (pcre)
Summary:	Turbolinux TLSA-2005-92 (pcre)
Description:	Description: The remote host is missing an update to pcre announced via advisory TLSA-2005-92. The PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5, with just a few differences. The current implementation corresponds to Perl 5.005, with some additional features from later versions. This includes some experimental, incomplete support for UTF-8 encoded strings. The integer overflow vulnerabilities exist in pcre. The pcre allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-92 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 15647 BugTraq ID: 14620 Common Vulnerability Exposure (CVE) ID: CVE-2005-2491 http://docs.info.apple.com/article.html?artnum=302847 Debian Security Information: DSA-800 (Google Search) http://www.debian.org/security/2005/dsa-800 Debian Security Information: DSA-817 (Google Search) http://www.debian.org/security/2005/dsa-817 Debian Security Information: DSA-819 (Google Search) http://www.debian.org/security/2005/dsa-819 Debian Security Information: DSA-821 (Google Search) http://www.debian.org/security/2005/dsa-821 http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml HPdes Security Advisory: HPSBUX02074 http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded HPdes Security Advisory: SSRT051251 HPdes Security Advisory: HPSBMA02159 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 HPdes Security Advisory: SSRT061238 HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: SSRT090208 http://www.redhat.com/support/errata/RHSA-2005-761.html http://www.redhat.com/support/errata/RHSA-2006-0197.html http://marc.info/?l=bugtraq&m=112606064317223&w=2 http://www.redhat.com/support/errata/RHSA-2005-358.html SCO Security Bulletin: SCOSA-2006.10 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 SuSE Security Announcement: SUSE-SA:2005:051 (Google Search) http://marc.info/?l=bugtraq&m=112605112027335&w=2 SuSE Security Announcement: SUSE-SA:2005:048 (Google Search) http://www.novell.com/linux/security/advisories/2005_48_pcre.html SuSE Security Announcement: SUSE-SA:2005:049 (Google Search) http://www.novell.com/linux/security/advisories/2005_49_php.html SuSE Security Announcement: SUSE-SA:2005:052 (Google Search) http://www.novell.com/linux/security/advisories/2005_52_apache2.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://www.securityfocus.com/bid/14620 http://www.securityfocus.com/bid/15647 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11516 http://www.vupen.com/english/advisories/2005/1511 http://www.vupen.com/english/advisories/2005/2659 http://www.vupen.com/english/advisories/2006/0789 http://www.vupen.com/english/advisories/2006/4320 http://www.vupen.com/english/advisories/2006/4502 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:735 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1496 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1659 http://securitytracker.com/id?1014744 http://secunia.com/advisories/17813 http://secunia.com/advisories/16502 http://secunia.com/advisories/16679 http://secunia.com/advisories/19072 http://secunia.com/advisories/19193 http://secunia.com/advisories/17252 http://secunia.com/advisories/19532 http://secunia.com/advisories/21522 http://secunia.com/advisories/22691 http://secunia.com/advisories/22875 http://securityreason.com/securityalert/604
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com