Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60550
Category:Fedora Local Security Checks
Title:Fedora Core 7 FEDORA-2008-1842 (pcre)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to pcre
announced via advisory FEDORA-2008-1842.

Update Information:

This update re-based pcre to version 7.3 as used in
Fedora 8 to address multiple security issues that cause
memory corruption, leading to application crash or
possible execution of arbitrary code.

This issue may affect usages of pcre, where regular
expressions from untrusted sources are compiled. Handling of
untrusted data using trusted regular expressions is not
affected by these problems.

ChangeLog:

* Tue Feb 12 2008 Tomas Hoger - 7.3-3
- Backport patch from upstream pcre 7.6 to address buffer overflow
caused by a character class containing a very large number of
characters with codepoints greater than 255 (in UTF-8 mode)
CVE-2008-0674, #431660
- Try re-enabling make check again.

References:

[ 1 ] Bug #315871 - CVE-2007-1659 pcre regular expression flaws
https://bugzilla.redhat.com/show_bug.cgi?id=315871
[ 2 ] Bug #392891 - CVE-2007-4766: pcre < 7.3 integer overflows
https://bugzilla.redhat.com/show_bug.cgi?id=392891
[ 3 ] Bug #392901 - CVE-2007-4767: pcre < 7.3 \p, \P, \P{x] length calculation issue
https://bugzilla.redhat.com/show_bug.cgi?id=392901
[ 4 ] Bug #392911 - CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization
https://bugzilla.redhat.com/show_bug.cgi?id=392911
[ 5 ] Bug #392921 - CVE-2007-1662: pcre < 7.3 unmatched bracket/paren past EoS read issue
https://bugzilla.redhat.com/show_bug.cgi?id=392921
[ 6 ] Bug #392931 - CVE-2007-1661: pcre < 7.3 non-UTF-8 over-backtracking issue
https://bugzilla.redhat.com/show_bug.cgi?id=392931
[ 7 ] Bug #431660 - pcre: buffer overflow via large UTF-8 character class
https://bugzilla.redhat.com/show_bug.cgi?id=431660

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update pcre' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-1842

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1659
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26346
http://www.securityfocus.com/bid/26346
Bugtraq: 20071106 rPSA-2007-0231-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/483357/100/0/threaded
Bugtraq: 20071112 FLEA-2007-0064-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/483579/100/0/threaded
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Debian Security Information: DSA-1399 (Google Search)
http://www.debian.org/security/2007/dsa-1399
Debian Security Information: DSA-1570 (Google Search)
http://www.debian.org/security/2008/dsa-1570
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725
http://www.redhat.com/support/errata/RHSA-2007-0967.html
http://www.redhat.com/support/errata/RHSA-2007-1068.html
http://securitytracker.com/id?1018895
http://secunia.com/advisories/27538
http://secunia.com/advisories/27543
http://secunia.com/advisories/27547
http://secunia.com/advisories/27554
http://secunia.com/advisories/27598
http://secunia.com/advisories/27697
http://secunia.com/advisories/27741
http://secunia.com/advisories/27773
http://secunia.com/advisories/27965
http://secunia.com/advisories/28041
http://secunia.com/advisories/28136
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28658
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/29267
http://secunia.com/advisories/29420
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
SuSE Security Announcement: SUSE-SA:2007:062 (Google Search)
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
SuSE Security Announcement: SUSE-SA:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
SuSE Security Announcement: SUSE-SR:2007:025 (Google Search)
http://www.novell.com/linux/security/advisories/2007_25_sr.html
https://usn.ubuntu.com/547-1/
http://www.vupen.com/english/advisories/2007/3725
http://www.vupen.com/english/advisories/2007/3790
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: pcre-regex-code-execution(38272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38272
Common Vulnerability Exposure (CVE) ID: CVE-2007-1661
XForce ISS Database: pcre-nonutf8-dos(38274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38274
Common Vulnerability Exposure (CVE) ID: CVE-2007-1662
XForce ISS Database: pcre-unmatched-dos(38275)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38275
Common Vulnerability Exposure (CVE) ID: CVE-2007-4766
XForce ISS Database: pcre-escape-sequence-overflow(38276)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38276
Common Vulnerability Exposure (CVE) ID: CVE-2007-4767
XForce ISS Database: pcre-p-sequence-bo(38277)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38277
Common Vulnerability Exposure (CVE) ID: CVE-2007-4768
Cert/CC Advisory: TA07-355A
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/30507
http://secunia.com/advisories/30840
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
SuSE Security Announcement: SUSE-SA:2007:069 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1724/references
http://www.vupen.com/english/advisories/2008/1966/references
XForce ISS Database: pcre-class-unicode-bo(38278)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
Common Vulnerability Exposure (CVE) ID: CVE-2008-0674
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
BugTraq ID: 27786
http://www.securityfocus.com/bid/27786
BugTraq ID: 29009
http://www.securityfocus.com/bid/29009
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080228 rPSA-2008-0086-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/488927/100/0/threaded
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search)
http://www.securityfocus.com/archive/1/492535/100/0/threaded
Cert/CC Advisory: TA09-218A
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Debian Security Information: DSA-1499 (Google Search)
http://www.debian.org/security/2008/dsa-1499
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00371.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00632.html
http://security.gentoo.org/glsa/glsa-200803-24.xml
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:053
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://www.securitytracker.com/id?1022674
http://secunia.com/advisories/28923
http://secunia.com/advisories/28957
http://secunia.com/advisories/28960
http://secunia.com/advisories/28985
http://secunia.com/advisories/28996
http://secunia.com/advisories/29027
http://secunia.com/advisories/29048
http://secunia.com/advisories/29175
http://secunia.com/advisories/29282
http://secunia.com/advisories/30048
http://secunia.com/advisories/30345
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://secunia.com/advisories/32746
http://secunia.com/advisories/36096
SuSE Security Announcement: SUSE-SR:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
https://usn.ubuntu.com/581-1/
http://www.vupen.com/english/advisories/2008/0570
http://www.vupen.com/english/advisories/2008/0592
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/2172
XForce ISS Database: pcre-characterclass-bo(40505)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40505
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.