MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability
Posted on: 08/26/2005 05:29 AM

The Mandriva Security Team has published a new security update: MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: pcre
Advisory ID: MDKSA-2005:151
Date: August 25th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in regular
expressions, which leads to a heap-based buffer overflow.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameƊN-2005-2491
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
309b57502a08710bc746463e40564c2e 10.0/RPMS/libpcre0-4.5-3.1.100mdk.i586.rpm
a7f390ea8291db6a913db92434ab4fd1 10.0/RPMS/libpcre0-devel-4.5-3.1.100mdk.i586.rpm
e7ad5f3caae546bc9f76d90c53d98131 10.0/RPMS/pcre-4.5-3.1.100mdk.i586.rpm
e832acf199d237eb25869d3e1dd1f3a5 10.0/SRPMS/pcre-4.5-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
5ec78978882ae59e235036f463caf728 amd64/10.0/RPMS/lib64pcre0-4.5-3.1.100mdk.amd64.rpm
c1ea77b8c96a64de277200642c0f39c4 amd64/10.0/RPMS/lib64pcre0-devel-4.5-3.1.100mdk.amd64.rpm
459960f18b926090eccfbae6faa0c84f amd64/10.0/RPMS/pcre-4.5-3.1.100mdk.amd64.rpm
e832acf199d237eb25869d3e1dd1f3a5 amd64/10.0/SRPMS/pcre-4.5-3.1.100mdk.src.rpm

Mandrakelinux 10.1:
5fb1ddf8ac2ed8bb2268bf3e18b64529 10.1/RPMS/libpcre0-4.5-5.1.101mdk.i586.rpm
819b1b79f017971f145b8c12b78cc593 10.1/RPMS/libpcre0-devel-4.5-5.1.101mdk.i586.rpm
acb97853ce1673ad72027ff5057428c0 10.1/RPMS/pcre-4.5-5.1.101mdk.i586.rpm
f4a2d968098de33876cc7ad022f4e751 10.1/SRPMS/pcre-4.5-5.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
03249093a10cb990ec3cc5a362924841 x86_64/10.1/RPMS/lib64pcre0-4.5-5.1.101mdk.x86_64.rpm
f74eadbea48228c62d1093622c6e9bb9 x86_64/10.1/RPMS/lib64pcre0-devel-4.5-5.1.101mdk.x86_64.rpm
1a0c903d0391d7f935786a84d2fa66eb x86_64/10.1/RPMS/pcre-4.5-5.1.101mdk.x86_64.rpm
f4a2d968098de33876cc7ad022f4e751 x86_64/10.1/SRPMS/pcre-4.5-5.1.101mdk.src.rpm

Mandrakelinux 10.2:
4b3dcaf88712905c07eb9d1eea48f426 10.2/RPMS/libpcre0-5.0-2.1.102mdk.i586.rpm
93f5253396e53c95b5aebb79a290957c 10.2/RPMS/libpcre0-devel-5.0-2.1.102mdk.i586.rpm
c42b2c321aacd8fc36aaed195aaed054 10.2/RPMS/pcre-5.0-2.1.102mdk.i586.rpm
c9bd1f6fd2816a6ff02c08533faa700a 10.2/SRPMS/pcre-5.0-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
9c16f12aec35bc1d32932ecf478e0672 x86_64/10.2/RPMS/lib64pcre0-5.0-2.1.102mdk.x86_64.rpm
93ff357fa977d8a26ac5a4a0ef2b6400 x86_64/10.2/RPMS/lib64pcre0-devel-5.0-2.1.102mdk.x86_64.rpm
a2ceb2799814de8984ca6707b497fce5 x86_64/10.2/RPMS/pcre-5.0-2.1.102mdk.x86_64.rpm
c9bd1f6fd2816a6ff02c08533faa700a x86_64/10.2/SRPMS/pcre-5.0-2.1.102mdk.src.rpm

Multi Network Firewall 2.0:
39a7d2f6d40af5ca22b7a78607b3217f mnf/2.0/RPMS/libpcre0-4.5-3.1.M20mdk.i586.rpm
de30c5803f323b1b124234c21f125b25 mnf/2.0/RPMS/pcre-4.5-3.1.M20mdk.i586.rpm
6c8e57198db4380e69017f8299ff40e5 mnf/2.0/SRPMS/pcre-4.5-3.1.M20mdk.src.rpm

Corporate Server 2.1:
de01932f1bb779c78999762bb5057653 corporate/2.1/RPMS/libpcre0-3.9-5.1.C21mdk.i586.rpm
2a7c71195755079fe3eee0fda834a7d9 corporate/2.1/RPMS/libpcre0-devel-3.9-5.1.C21mdk.i586.rpm
aae9df225a2bdafa9f60feeb397f5796 corporate/2.1/RPMS/pcre-3.9-5.1.C21mdk.i586.rpm
16ff4bcf36bba60143ac847e0ce91cb0 corporate/2.1/SRPMS/pcre-3.9-5.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d310322b1038159b0270ae62140e8b4c x86_64/corporate/2.1/RPMS/libpcre0-3.9-5.1.C21mdk.x86_64.rpm
7977cc9ab34756f1653e96e996abdfb4 x86_64/corporate/2.1/RPMS/libpcre0-devel-3.9-5.1.C21mdk.x86_64.rpm
aad833aca80deac98d7157de58a9ef68 x86_64/corporate/2.1/RPMS/pcre-3.9-5.1.C21mdk.x86_64.rpm
16ff4bcf36bba60143ac847e0ce91cb0 x86_64/corporate/2.1/SRPMS/pcre-3.9-5.1.C21mdk.src.rpm

Corporate 3.0:
18dd263d0c809022c870a29899eeb8b3 corporate/3.0/RPMS/libpcre0-4.5-3.2.C30mdk.i586.rpm
674b5bba9b87dc2ed6e6fafe9c53abfc corporate/3.0/RPMS/libpcre0-devel-4.5-3.2.C30mdk.i586.rpm
d5df129d1e9d7800e1b9a97cccb96217 corporate/3.0/RPMS/pcre-4.5-3.2.C30mdk.i586.rpm
e9f3f1d4a19b0396481871aa0c398c16 corporate/3.0/SRPMS/pcre-4.5-3.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
a5a97684dac58a4bce9748039c961278 x86_64/corporate/3.0/RPMS/lib64pcre0-4.5-3.2.C30mdk.x86_64.rpm
d1dcd3f60940c3165d42b79c631b558d x86_64/corporate/3.0/RPMS/lib64pcre0-devel-4.5-3.2.C30mdk.x86_64.rpm
bc0dae706980d75df70c6080cb1968a4 x86_64/corporate/3.0/RPMS/pcre-4.5-3.2.C30mdk.x86_64.rpm
e9f3f1d4a19b0396481871aa0c398c16 x86_64/corporate/3.0/SRPMS/pcre-4.5-3.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkpnmqjQ0CJFipgRAu+AAJ4rpwF57tztJVaEmZcskC8xc1QhoQCfaFCK
Co3E1meGMO7bWPtcuVYDSi4=
=JArc
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005151__updated_pcre_packages_fix__integer_overflow_vulnerability.html)