Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0967

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.58969
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0967
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0967. PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. (CVE-2007-1659, CVE-2007-1660) Users of pcre are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0967.html http://www.redhat.com/security/updates/classification/#critical Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1659 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 26346 http://www.securityfocus.com/bid/26346 Bugtraq: 20071106 rPSA-2007-0231-1 pcre (Google Search) http://www.securityfocus.com/archive/1/483357/100/0/threaded Bugtraq: 20071112 FLEA-2007-0064-1 pcre (Google Search) http://www.securityfocus.com/archive/1/483579/100/0/threaded Cert/CC Advisory: TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html Debian Security Information: DSA-1399 (Google Search) http://www.debian.org/security/2007/dsa-1399 Debian Security Information: DSA-1570 (Google Search) http://www.debian.org/security/2008/dsa-1570 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html http://security.gentoo.org/glsa/glsa-200711-30.xml http://security.gentoo.org/glsa/glsa-200801-02.xml http://security.gentoo.org/glsa/glsa-200801-18.xml http://security.gentoo.org/glsa/glsa-200801-19.xml http://security.gentoo.org/glsa/glsa-200805-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:211 http://www.mandriva.com/security/advisories?name=MDKSA-2007:212 http://www.mandriva.com/security/advisories?name=MDVSA-2008:030 http://bugs.gentoo.org/show_bug.cgi?id=198976 http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725 http://www.redhat.com/support/errata/RHSA-2007-0967.html http://www.redhat.com/support/errata/RHSA-2007-1068.html http://securitytracker.com/id?1018895 http://secunia.com/advisories/27538 http://secunia.com/advisories/27543 http://secunia.com/advisories/27547 http://secunia.com/advisories/27554 http://secunia.com/advisories/27598 http://secunia.com/advisories/27697 http://secunia.com/advisories/27741 http://secunia.com/advisories/27773 http://secunia.com/advisories/27965 http://secunia.com/advisories/28041 http://secunia.com/advisories/28136 http://secunia.com/advisories/28406 http://secunia.com/advisories/28414 http://secunia.com/advisories/28658 http://secunia.com/advisories/28714 http://secunia.com/advisories/28720 http://secunia.com/advisories/29267 http://secunia.com/advisories/29420 http://secunia.com/advisories/30106 http://secunia.com/advisories/30155 http://secunia.com/advisories/30219 SuSE Security Announcement: SUSE-SA:2007:062 (Google Search) http://www.novell.com/linux/security/advisories/2007_62_pcre.html SuSE Security Announcement: SUSE-SA:2008:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html SuSE Security Announcement: SUSE-SR:2007:025 (Google Search) http://www.novell.com/linux/security/advisories/2007_25_sr.html https://usn.ubuntu.com/547-1/ http://www.vupen.com/english/advisories/2007/3725 http://www.vupen.com/english/advisories/2007/3790 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0924/references XForce ISS Database: pcre-regex-code-execution(38272) https://exchange.xforce.ibmcloud.com/vulnerabilities/38272 Common Vulnerability Exposure (CVE) ID: CVE-2007-1660 Bugtraq: 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus (Google Search) http://www.securityfocus.com/archive/1/490917/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2007:213 http://lists.vmware.com/pipermail/security-announce/2008/000014.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562 http://www.redhat.com/support/errata/RHSA-2007-0968.html http://www.redhat.com/support/errata/RHSA-2007-1063.html http://www.redhat.com/support/errata/RHSA-2007-1065.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://secunia.com/advisories/27776 http://secunia.com/advisories/27862 http://secunia.com/advisories/29785 http://secunia.com/advisories/31124 http://www.vupen.com/english/advisories/2008/1234/references XForce ISS Database: pcre-character-class-dos(38273) https://exchange.xforce.ibmcloud.com/vulnerabilities/38273
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com