- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Critical: pcre security update
Advisory ID:       RHSA-2007:0968-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0968.html
Issue date:        2007-11-05
Updated on:        2007-11-05
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1660 
- ---------------------------------------------------------------------1. Summary:

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

315881 - CVE-2007-1660 pcre regular expression flaws

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
d2bf1a695fbb25449e583dcdf1c2adc3  pcre-4.5-4.el4_5.1.src.rpm

i386:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
25e5f95b21f055328b7f223b82682c18  pcre-devel-4.5-4.el4_5.1.i386.rpm

ia64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
09735dc1d899a27490fbaefbf801e453  pcre-4.5-4.el4_5.1.ia64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
b9fd1bfce2d9c0761b0610ddde2c1607  pcre-debuginfo-4.5-4.el4_5.1.ia64.rpm
3e3c83e3a8c1b28b1d5d5a3e2efbf8f0  pcre-devel-4.5-4.el4_5.1.ia64.rpm

ppc:
39ceb7698118cfb31004434f6ce39e2f  pcre-4.5-4.el4_5.1.ppc.rpm
7a66762a3067ff36eb141d50e2f178c2  pcre-4.5-4.el4_5.1.ppc64.rpm
9db9c301f7ec374a635ec959b4446510  pcre-debuginfo-4.5-4.el4_5.1.ppc.rpm
1ddcaf1d63b2ad06ba199867e910c3f6  pcre-debuginfo-4.5-4.el4_5.1.ppc64.rpm
27c02138dc61651befd584d7564e87c1  pcre-devel-4.5-4.el4_5.1.ppc.rpm

s390:
d29fff61e69fc677350e8dce17f6dc2d  pcre-4.5-4.el4_5.1.s390.rpm
6e4505ff2cab4ef9623efba1301bb291  pcre-debuginfo-4.5-4.el4_5.1.s390.rpm
f17dc61991ff18330387a01022878cd1  pcre-devel-4.5-4.el4_5.1.s390.rpm

s390x:
d29fff61e69fc677350e8dce17f6dc2d  pcre-4.5-4.el4_5.1.s390.rpm
233bf6ee5aab5c1394589b35e0a240ac  pcre-4.5-4.el4_5.1.s390x.rpm
6e4505ff2cab4ef9623efba1301bb291  pcre-debuginfo-4.5-4.el4_5.1.s390.rpm
4b712a174827d3aa67cfaf73ab583114  pcre-debuginfo-4.5-4.el4_5.1.s390x.rpm
43b1cdaf5aba84efc34b6219a411e1c8  pcre-devel-4.5-4.el4_5.1.s390x.rpm

x86_64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
96c23c6f94616735252c926308bd5037  pcre-4.5-4.el4_5.1.x86_64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
8495cf879c626cb9e9d661cc472ebb0a  pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm
91ace1c63dd58660bd06673252f992d7  pcre-devel-4.5-4.el4_5.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
d2bf1a695fbb25449e583dcdf1c2adc3  pcre-4.5-4.el4_5.1.src.rpm

i386:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
25e5f95b21f055328b7f223b82682c18  pcre-devel-4.5-4.el4_5.1.i386.rpm

x86_64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
96c23c6f94616735252c926308bd5037  pcre-4.5-4.el4_5.1.x86_64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
8495cf879c626cb9e9d661cc472ebb0a  pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm
91ace1c63dd58660bd06673252f992d7  pcre-devel-4.5-4.el4_5.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
d2bf1a695fbb25449e583dcdf1c2adc3  pcre-4.5-4.el4_5.1.src.rpm

i386:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
25e5f95b21f055328b7f223b82682c18  pcre-devel-4.5-4.el4_5.1.i386.rpm

ia64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
09735dc1d899a27490fbaefbf801e453  pcre-4.5-4.el4_5.1.ia64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
b9fd1bfce2d9c0761b0610ddde2c1607  pcre-debuginfo-4.5-4.el4_5.1.ia64.rpm
3e3c83e3a8c1b28b1d5d5a3e2efbf8f0  pcre-devel-4.5-4.el4_5.1.ia64.rpm

x86_64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
96c23c6f94616735252c926308bd5037  pcre-4.5-4.el4_5.1.x86_64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
8495cf879c626cb9e9d661cc472ebb0a  pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm
91ace1c63dd58660bd06673252f992d7  pcre-devel-4.5-4.el4_5.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
d2bf1a695fbb25449e583dcdf1c2adc3  pcre-4.5-4.el4_5.1.src.rpm

i386:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
25e5f95b21f055328b7f223b82682c18  pcre-devel-4.5-4.el4_5.1.i386.rpm

ia64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
09735dc1d899a27490fbaefbf801e453  pcre-4.5-4.el4_5.1.ia64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
b9fd1bfce2d9c0761b0610ddde2c1607  pcre-debuginfo-4.5-4.el4_5.1.ia64.rpm
3e3c83e3a8c1b28b1d5d5a3e2efbf8f0  pcre-devel-4.5-4.el4_5.1.ia64.rpm

x86_64:
170f0f43d5605415c654ccbec4272b76  pcre-4.5-4.el4_5.1.i386.rpm
96c23c6f94616735252c926308bd5037  pcre-4.5-4.el4_5.1.x86_64.rpm
32650c48544f61597d23051c343419a9  pcre-debuginfo-4.5-4.el4_5.1.i386.rpm
8495cf879c626cb9e9d661cc472ebb0a  pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm
91ace1c63dd58660bd06673252f992d7  pcre-devel-4.5-4.el4_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Critical: pcre security update

Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 4

Summary



Summary

PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. (CVE-2007-1660) Users of pcre are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
315881 - CVE-2007-1660 pcre regular expression flaws
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: d2bf1a695fbb25449e583dcdf1c2adc3 pcre-4.5-4.el4_5.1.src.rpm
i386: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 25e5f95b21f055328b7f223b82682c18 pcre-devel-4.5-4.el4_5.1.i386.rpm
ia64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 09735dc1d899a27490fbaefbf801e453 pcre-4.5-4.el4_5.1.ia64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm b9fd1bfce2d9c0761b0610ddde2c1607 pcre-debuginfo-4.5-4.el4_5.1.ia64.rpm 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0 pcre-devel-4.5-4.el4_5.1.ia64.rpm
ppc: 39ceb7698118cfb31004434f6ce39e2f pcre-4.5-4.el4_5.1.ppc.rpm 7a66762a3067ff36eb141d50e2f178c2 pcre-4.5-4.el4_5.1.ppc64.rpm 9db9c301f7ec374a635ec959b4446510 pcre-debuginfo-4.5-4.el4_5.1.ppc.rpm 1ddcaf1d63b2ad06ba199867e910c3f6 pcre-debuginfo-4.5-4.el4_5.1.ppc64.rpm 27c02138dc61651befd584d7564e87c1 pcre-devel-4.5-4.el4_5.1.ppc.rpm
s390: d29fff61e69fc677350e8dce17f6dc2d pcre-4.5-4.el4_5.1.s390.rpm 6e4505ff2cab4ef9623efba1301bb291 pcre-debuginfo-4.5-4.el4_5.1.s390.rpm f17dc61991ff18330387a01022878cd1 pcre-devel-4.5-4.el4_5.1.s390.rpm
s390x: d29fff61e69fc677350e8dce17f6dc2d pcre-4.5-4.el4_5.1.s390.rpm 233bf6ee5aab5c1394589b35e0a240ac pcre-4.5-4.el4_5.1.s390x.rpm 6e4505ff2cab4ef9623efba1301bb291 pcre-debuginfo-4.5-4.el4_5.1.s390.rpm 4b712a174827d3aa67cfaf73ab583114 pcre-debuginfo-4.5-4.el4_5.1.s390x.rpm 43b1cdaf5aba84efc34b6219a411e1c8 pcre-devel-4.5-4.el4_5.1.s390x.rpm
x86_64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 96c23c6f94616735252c926308bd5037 pcre-4.5-4.el4_5.1.x86_64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 8495cf879c626cb9e9d661cc472ebb0a pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm 91ace1c63dd58660bd06673252f992d7 pcre-devel-4.5-4.el4_5.1.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: d2bf1a695fbb25449e583dcdf1c2adc3 pcre-4.5-4.el4_5.1.src.rpm
i386: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 25e5f95b21f055328b7f223b82682c18 pcre-devel-4.5-4.el4_5.1.i386.rpm
x86_64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 96c23c6f94616735252c926308bd5037 pcre-4.5-4.el4_5.1.x86_64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 8495cf879c626cb9e9d661cc472ebb0a pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm 91ace1c63dd58660bd06673252f992d7 pcre-devel-4.5-4.el4_5.1.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: d2bf1a695fbb25449e583dcdf1c2adc3 pcre-4.5-4.el4_5.1.src.rpm
i386: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 25e5f95b21f055328b7f223b82682c18 pcre-devel-4.5-4.el4_5.1.i386.rpm
ia64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 09735dc1d899a27490fbaefbf801e453 pcre-4.5-4.el4_5.1.ia64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm b9fd1bfce2d9c0761b0610ddde2c1607 pcre-debuginfo-4.5-4.el4_5.1.ia64.rpm 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0 pcre-devel-4.5-4.el4_5.1.ia64.rpm
x86_64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 96c23c6f94616735252c926308bd5037 pcre-4.5-4.el4_5.1.x86_64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 8495cf879c626cb9e9d661cc472ebb0a pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm 91ace1c63dd58660bd06673252f992d7 pcre-devel-4.5-4.el4_5.1.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: d2bf1a695fbb25449e583dcdf1c2adc3 pcre-4.5-4.el4_5.1.src.rpm
i386: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 25e5f95b21f055328b7f223b82682c18 pcre-devel-4.5-4.el4_5.1.i386.rpm
ia64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 09735dc1d899a27490fbaefbf801e453 pcre-4.5-4.el4_5.1.ia64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm b9fd1bfce2d9c0761b0610ddde2c1607 pcre-debuginfo-4.5-4.el4_5.1.ia64.rpm 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0 pcre-devel-4.5-4.el4_5.1.ia64.rpm
x86_64: 170f0f43d5605415c654ccbec4272b76 pcre-4.5-4.el4_5.1.i386.rpm 96c23c6f94616735252c926308bd5037 pcre-4.5-4.el4_5.1.x86_64.rpm 32650c48544f61597d23051c343419a9 pcre-debuginfo-4.5-4.el4_5.1.i386.rpm 8495cf879c626cb9e9d661cc472ebb0a pcre-debuginfo-4.5-4.el4_5.1.x86_64.rpm 91ace1c63dd58660bd06673252f992d7 pcre-devel-4.5-4.el4_5.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660 http://www.redhat.com/security/updates/classification/#critical

Package List


Severity
Advisory ID: RHSA-2007:0968-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0968.html
Issued Date: : 2007-11-05
Updated on: 2007-11-05
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1660 Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved