RHSA-2007:1052-02 Important: pcre security update
Posted on: 11/15/2007 02:35 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: pcre security update
Advisory ID: RHSA-2007:1052-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1052.html
Issue date: 2007-11-09
Updated on: 2007-11-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-4872 CVE-2006-7227
- ---------------------------------------------------------------------

1. Summary:

Updated pcre packages that correct security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

[Updated 15 November 2007]
Further analysis of these flaws in PCRE has led to the single CVE
identifier CVE-2006-7224 being split into three separate identifiers and a
re-analysis of the risk of each of the flaws. We are therefore updating
the text of this advisory to use the correct CVE names for the two flaws
fixed by these erratum packages, and downgrading the security impact of
this advisory from critical to important. No changes have been made to the
packages themselves.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2005-4872, CVE-2006-7227)

Users of PCRE are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

383341 - CVE-2006-7227 pcre integer overflow
383361 - CVE-2005-4872 pcre incorrect memory requirement computation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm
49236e545db29026eea3109c3fdba5ae pcre-4.5-4.el4_5.4.src.rpm

i386:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
db9170f905d681c7b6a0ca283043da41 pcre-devel-4.5-4.el4_5.4.i386.rpm

ia64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
a9f0e8482a18d5c51a736ddb1c2344b5 pcre-4.5-4.el4_5.4.ia64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
732379892973afb39c50a375849021cc pcre-debuginfo-4.5-4.el4_5.4.ia64.rpm
2027d9e67ac017b59da16034cc89177c pcre-devel-4.5-4.el4_5.4.ia64.rpm

ppc:
f551684382e6beee3c585a13dd2bf652 pcre-4.5-4.el4_5.4.ppc.rpm
ecb064a62fa97b7b29d73dde82e4f7f4 pcre-4.5-4.el4_5.4.ppc64.rpm
158ecbc3d5e51d0fe2c64651200481b2 pcre-debuginfo-4.5-4.el4_5.4.ppc.rpm
3239b9b56d0ee1892635fd6223a4e99a pcre-debuginfo-4.5-4.el4_5.4.ppc64.rpm
c24ca5e4617e57414335b82d77867906 pcre-devel-4.5-4.el4_5.4.ppc.rpm

s390:
06e9196587cd01b1ff6fb6dc10247f47 pcre-4.5-4.el4_5.4.s390.rpm
bc79fe3e2811bf0bf47cc8a36b358cce pcre-debuginfo-4.5-4.el4_5.4.s390.rpm
ea0f4ca567fdddd5ef765ea13eefa98f pcre-devel-4.5-4.el4_5.4.s390.rpm

s390x:
06e9196587cd01b1ff6fb6dc10247f47 pcre-4.5-4.el4_5.4.s390.rpm
0bc4bab9367aef27216d568059340d43 pcre-4.5-4.el4_5.4.s390x.rpm
bc79fe3e2811bf0bf47cc8a36b358cce pcre-debuginfo-4.5-4.el4_5.4.s390.rpm
5cad83935892bb7a0f9b92df7cd6e8e4 pcre-debuginfo-4.5-4.el4_5.4.s390x.rpm
22218623a862c125c4be76ce819d9705 pcre-devel-4.5-4.el4_5.4.s390x.rpm

x86_64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
1c9d0bb0a1c176950e0469d92d48748a pcre-4.5-4.el4_5.4.x86_64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
c383e03fb1d6a1f561751b03030e6cde pcre-debuginfo-4.5-4.el4_5.4.x86_64.rpm
cb6ac02502f662374d4de938aa2e19c4 pcre-devel-4.5-4.el4_5.4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm
49236e545db29026eea3109c3fdba5ae pcre-4.5-4.el4_5.4.src.rpm

i386:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
db9170f905d681c7b6a0ca283043da41 pcre-devel-4.5-4.el4_5.4.i386.rpm

x86_64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
1c9d0bb0a1c176950e0469d92d48748a pcre-4.5-4.el4_5.4.x86_64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
c383e03fb1d6a1f561751b03030e6cde pcre-debuginfo-4.5-4.el4_5.4.x86_64.rpm
cb6ac02502f662374d4de938aa2e19c4 pcre-devel-4.5-4.el4_5.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm
49236e545db29026eea3109c3fdba5ae pcre-4.5-4.el4_5.4.src.rpm

i386:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
db9170f905d681c7b6a0ca283043da41 pcre-devel-4.5-4.el4_5.4.i386.rpm

ia64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
a9f0e8482a18d5c51a736ddb1c2344b5 pcre-4.5-4.el4_5.4.ia64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
732379892973afb39c50a375849021cc pcre-debuginfo-4.5-4.el4_5.4.ia64.rpm
2027d9e67ac017b59da16034cc89177c pcre-devel-4.5-4.el4_5.4.ia64.rpm

x86_64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
1c9d0bb0a1c176950e0469d92d48748a pcre-4.5-4.el4_5.4.x86_64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
c383e03fb1d6a1f561751b03030e6cde pcre-debuginfo-4.5-4.el4_5.4.x86_64.rpm
cb6ac02502f662374d4de938aa2e19c4 pcre-devel-4.5-4.el4_5.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm
49236e545db29026eea3109c3fdba5ae pcre-4.5-4.el4_5.4.src.rpm

i386:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
db9170f905d681c7b6a0ca283043da41 pcre-devel-4.5-4.el4_5.4.i386.rpm

ia64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
a9f0e8482a18d5c51a736ddb1c2344b5 pcre-4.5-4.el4_5.4.ia64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
732379892973afb39c50a375849021cc pcre-debuginfo-4.5-4.el4_5.4.ia64.rpm
2027d9e67ac017b59da16034cc89177c pcre-devel-4.5-4.el4_5.4.ia64.rpm

x86_64:
6c4d5d457bdcd8d9d03b1e825077f55e pcre-4.5-4.el4_5.4.i386.rpm
1c9d0bb0a1c176950e0469d92d48748a pcre-4.5-4.el4_5.4.x86_64.rpm
f10161895acc6659bb081a51400f6c79 pcre-debuginfo-4.5-4.el4_5.4.i386.rpm
c383e03fb1d6a1f561751b03030e6cde pcre-debuginfo-4.5-4.el4_5.4.x86_64.rpm
cb6ac02502f662374d4de938aa2e19c4 pcre-devel-4.5-4.el4_5.4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcre-6.6-2.el5_1.1.src.rpm
230040f3f36e5664ce5a6671334f6ddb pcre-6.6-2.el5_1.1.src.rpm

i386:
0bedc083211d95e89d11fbbddc07e968 pcre-6.6-2.el5_1.1.i386.rpm
57892457eef33e35b1fc5528a42bcd94 pcre-debuginfo-6.6-2.el5_1.1.i386.rpm

x86_64:
0bedc083211d95e89d11fbbddc07e968 pcre-6.6-2.el5_1.1.i386.rpm
6ce8eee6c331ca63a39e0fe03c7fb985 pcre-6.6-2.el5_1.1.x86_64.rpm
57892457eef33e35b1fc5528a42bcd94 pcre-debuginfo-6.6-2.el5_1.1.i386.rpm
1cac5a613d8b28267e8db6f7cb2afd46 pcre-debuginfo-6.6-2.el5_1.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcre-6.6-2.el5_1.1.src.rpm
230040f3f36e5664ce5a6671334f6ddb pcre-6.6-2.el5_1.1.src.rpm

i386:
57892457eef33e35b1fc5528a42bcd94 pcre-debuginfo-6.6-2.el5_1.1.i386.rpm
c53d0803d49bf739b59539eb5782f43f pcre-devel-6.6-2.el5_1.1.i386.rpm

x86_64:
57892457eef33e35b1fc5528a42bcd94 pcre-debuginfo-6.6-2.el5_1.1.i386.rpm
1cac5a613d8b28267e8db6f7cb2afd46 pcre-debuginfo-6.6-2.el5_1.1.x86_64.rpm
c53d0803d49bf739b59539eb5782f43f pcre-devel-6.6-2.el5_1.1.i386.rpm
cc64b53c0d0b0d4fac6429baad17fba2 pcre-devel-6.6-2.el5_1.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pcre-6.6-2.el5_1.1.src.rpm
230040f3f36e5664ce5a6671334f6ddb pcre-6.6-2.el5_1.1.src.rpm

i386:
0bedc083211d95e89d11fbbddc07e968 pcre-6.6-2.el5_1.1.i386.rpm
57892457eef33e35b1fc5528a42bcd94 pcre-debuginfo-6.6-2.el5_1.1.i386.rpm
c53d0803d49bf739b59539eb5782f43f pcre-devel-6.6-2.el5_1.1.i386.rpm

ia64:
b7ef7d4d91f0425011c348e81140a5f3 pcre-6.6-2.el5_1.1.ia64.rpm
888ea998576acca5a6a8529c2da64f87 pcre-debuginfo-6.6-2.el5_1.1.ia64.rpm
a424e60ea30261a2650124df2fe0b914 pcre-devel-6.6-2.el5_1.1.ia64.rpm

ppc:
8f903834f10271879e1a08d87987cad1 pcre-6.6-2.el5_1.1.ppc.rpm
cea8361d9d14c7fae8a57274ea02b33b pcre-6.6-2.el5_1.1.ppc64.rpm
ffec123b0c84c123042501d9511030b5 pcre-debuginfo-6.6-2.el5_1.1.ppc.rpm
30e0adc7d5a7798dec12dbb04cd15e31 pcre-debuginfo-6.6-2.el5_1.1.ppc64.rpm
3423c3eb767d485eb26e6808b2204cf1 pcre-devel-6.6-2.el5_1.1.ppc.rpm
d7b38446e64240c6d8e442552e9f5dbb pcre-devel-6.6-2.el5_1.1.ppc64.rpm

s390x:
b06798c560af2b94f7e7b6448cdeefac pcre-6.6-2.el5_1.1.s390.rpm
bf9ec28737e79e899638a08b74f3fbf5 pcre-6.6-2.el5_1.1.s390x.rpm
3e4d44a6ed3dea1629280c91000ff5a5 pcre-debuginfo-6.6-2.el5_1.1.s390.rpm
5e3fef773f0a841bf5c4b2c448a52327 pcre-debuginfo-6.6-2.el5_1.1.s390x.rpm
ca23b3b464e301f25229e9d5fd654909 pcre-devel-6.6-2.el5_1.1.s390.rpm
bb72d6e9246bbe645dcb9eecef9d6fe6 pcre-devel-6.6-2.el5_1.1.s390x.rpm

x86_64:
0bedc083211d95e89d11fbbddc07e968 pcre-6.6-2.el5_1.1.i386.rpm
6ce8eee6c331ca63a39e0fe03c7fb985 pcre-6.6-2.el5_1.1.x86_64.rpm
57892457eef33e35b1fc5528a42bcd94 pcre-debuginfo-6.6-2.el5_1.1.i386.rpm
1cac5a613d8b28267e8db6f7cb2afd46 pcre-debuginfo-6.6-2.el5_1.1.x86_64.rpm
c53d0803d49bf739b59539eb5782f43f pcre-devel-6.6-2.el5_1.1.i386.rpm
cc64b53c0d0b0d4fac6429baad17fba2 pcre-devel-6.6-2.el5_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHPDvxXlSAg2UNWIIRAj+NAJ9iOc/bFA1fLE9qVSsUoZwCjYFFrwCeMGCz
IC/iCahfVY63CDvyFzO+6Fw=
=nQWq
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20071052_02_important_pcre_security_update.html)