
Test ID:
Category: Fedora Local Security Checks
Title: Fedora Core 7 FEDORA-2008-1842 (pcre)

The remote host is missing an update to pcre
announced via advisory FEDORA-2008-1842.

Update Information:

This update re-based pcre to version 7.3 as used in
Fedora 8 to address multiple security issues that cause
memory corruption, leading to application crash or
possible execution of arbitrary code.

This issue may affect usages of pcre, where regular
expressions from untrusted sources are compiled. Handling of
untrusted data using trusted regular expressions is not
affected by these problems.


* Tue Feb 12 2008 Tomas Hoger - 7.3-3
- Backport patch from upstream pcre 7.6 to address buffer overflow
caused by a character class containing a very large number of
characters with codepoints greater than 255 (in UTF-8 mode)
CVE-2008-0674, #431660
- Try re-enabling make check again.


[ 1 ] Bug #315871 - CVE-2007-1659 pcre regular expression flaws
[ 2 ] Bug #392891 - CVE-2007-4766: pcre < 7.3 integer overflows
[ 3 ] Bug #392901 - CVE-2007-4767: pcre < 7.3 \p, \P, \P{x] length calculation issue
[ 4 ] Bug #392911 - CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization
[ 5 ] Bug #392921 - CVE-2007-1662: pcre < 7.3 unmatched bracket/paren past EoS read issue
[ 6 ] Bug #392931 - CVE-2007-1661: pcre < 7.3 non-UTF-8 over-backtracking issue
[ 7 ] Bug #431660 - pcre: buffer overflow via large UTF-8 character class

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update pcre' at the command line.
For more information, refer to Managing Software with yum,
available at

Risk factor : High

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-1659
BugTraq ID: 26346
Bugtraq: 20071106 rPSA-2007-0231-1 pcre
Bugtraq: 20071112 FLEA-2007-0064-1 pcre
Cert/CC Advisory: TA07-352A
Debian Security Information: DSA-1399
Debian Security Information: DSA-1570
SuSE Security Announcement: SUSE-SA:2007:062
SuSE Security Announcement: SUSE-SA:2008:004
SuSE Security Announcement: SUSE-SR:2007:025
XForce ISS Database: pcre-regex-code-execution(38272)
Common Vulnerability Exposure (CVE) ID: CVE-2007-1661
XForce ISS Database: pcre-nonutf8-dos(38274)
Common Vulnerability Exposure (CVE) ID: CVE-2007-1662
XForce ISS Database: pcre-unmatched-dos(38275)
Common Vulnerability Exposure (CVE) ID: CVE-2007-4766
XForce ISS Database: pcre-escape-sequence-overflow(38276)
Common Vulnerability Exposure (CVE) ID: CVE-2007-4767
XForce ISS Database: pcre-p-sequence-bo(38277)
Common Vulnerability Exposure (CVE) ID: CVE-2007-4768
Cert/CC Advisory: TA07-355A
SuSE Security Announcement: SUSE-SA:2007:069
XForce ISS Database: pcre-class-unicode-bo(38278)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0674
BugTraq ID: 27786
BugTraq ID: 29009
BugTraq ID: 31681
Bugtraq: 20080228 rPSA-2008-0086-1 pcre
Bugtraq: 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
Cert/CC Advisory: TA09-218A
Debian Security Information: DSA-1499
SuSE Security Announcement: SUSE-SR:2008:004
XForce ISS Database: pcre-characterclass-bo(40505)
Copyright: Copyright (c) 2008 E-Soft Inc.
