Network Security Audits / Vulnerability Assessments by SecuritySpace

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-92
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 03 Oct 2005
Last revised: 03 Oct 2005

Package: pcre

Summary: Integer overflow

More information:
    The PCRE library is a set of functions that implement regular expression
    pattern matching using the same syntax and semantics as Perl 5, with just
    a few differences. The current implementation corresponds to Perl 5.005,
    with some additional features from later versions. This includes some
    experimental, incomplete support for UTF-8 encoded strings.

    The integer overflow vulnerabilities exist in pcre.

Impact:
    The pcre allows attackers to execute arbitrary code via quantifier values
    in regular expressions, which leads to a heap-based buffer overflow.

Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

Solution:
    Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
  Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u pcre pcre-devel

[other]
# turbopkg
or
# zabom update pcre pcre-devel
---------------------------------------------

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/pcre-3.9-5.src.rpm
       267745 e49f9a8236dbe1b02351c99ff8d891e0

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/pcre-3.9-5.i586.rpm
        54424 c8fe2edca010ac6bf725a3064cfead09
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/pcre-devel-3.9-5.i586.rpm
       115185 659d533637cb0c0fd7f2b994f8495d8a

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/pcre-3.9-5.src.rpm
       267745 53871b28102833438f706955a4b10422

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/pcre-3.9-5.i586.rpm
        54777 532fca14de87378799ed3f38ec1f1ea1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/pcre-debug-3.9-5.i586.rpm
       100005 30a816ed2dc0c7872cff70479fd77008
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/pcre-devel-3.9-5.i586.rpm
       115050 5962d8c0179a35a5f6eb82c80a864768

<Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/pcre-3.7-3.src.rpm
       266532 0ee3f55b6e04fbd61be42a91dded5345

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/pcre-3.7-3.i586.rpm
        55287 096c0a19969ec70f4e0c2bec1ca37dd7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/pcre-devel-3.7-3.i586.rpm
       113994 92e2804f84bf68faae752173ca81ddfd

<Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/pcre-3.7-3.src.rpm
       266532 92b41682920496958d0454f75ab68371

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/pcre-3.7-3.i586.rpm
        55117 576fef608b7f46c04e45599abec3821f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/pcre-devel-3.7-3.i586.rpm
       114191 44ae89bd38bbffad6c269af88a65fd6c

<Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/pcre-3.4-2.src.rpm
       232837 f03b49fbd13ecc6e24411b3d2a1dbc0f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/pcre-3.4-2.i586.rpm
        43336 82997c66aecdeebd8387466c3204ff80
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/pcre-devel-3.4-2.i586.rpm
        98324 26f9a76135391db43d90e86c76cccdce

<Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/pcre-3.4-2.src.rpm
       232837 318f184eda5bc3c94ff6b617c7a8fb20

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/pcre-3.4-2.i586.rpm
        43367 98bc9fa95a45e8667309cb05dbf35c1a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/pcre-devel-3.4-2.i586.rpm
        98384 6bae1ac56b6caf7411d0a6ea845bb1ca

References:

CVE
   [CAN-2005-2491]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

--------------------------------------------------------------------------
Revision History
    03 Oct 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDQOy0K0LzjOqIJMwRAvbdAKCE3skJkq6sY+yQ8Bq1y5mZCCgyDgCgux6E
XR8XlE2npTwtTyV7KgbOwI0=
=N2SH
-----END PGP SIGNATURE-----