LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated pcre packages fix vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service (CVE-2008-2371). The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:147
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : pcre
 Date    : July 15, 2008
 Affected: 2007.1, 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy of the Google Security Team discovered a heap-based
 buffer overflow when compiling certain regular expression patterns.
 This could be used by a malicious attacker by sending a specially
 crafted regular expression to an application using the PCRE library,
 resulting in the possible execution of arbitrary code or a denial of
 service (CVE-2008-2371).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 a3e3934cb41d04b4a15a3e50d884abbc  2007.1/i586/libpcre0-7.3-0.3mdv2007.1.i586.rpm
 fca86a5adfb2c972f4adb2b99990f3a8  2007.1/i586/libpcre-devel-7.3-0.3mdv2007.1.i586.rpm
 7d81a63b51aea4b3d3385ac5d03f9d69  2007.1/i586/pcre-7.3-0.3mdv2007.1.i586.rpm 
 c258d42150bf39a9f4175b9d17a336cd  2007.1/SRPMS/pcre-7.3-0.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 af61b2559878c624ec2c8f293e221fd8  2007.1/x86_64/lib64pcre0-7.3-0.3mdv2007.1.x86_64.rpm
 8be415d8476a87a8994e84db6188395d  2007.1/x86_64/lib64pcre-devel-7.3-0.3mdv2007.1.x86_64.rpm
 4d9fd3c6fbbda0e7e2c6bac3c865ec8d  2007.1/x86_64/pcre-7.3-0.3mdv2007.1.x86_64.rpm 
 c258d42150bf39a9f4175b9d17a336cd  2007.1/SRPMS/pcre-7.3-0.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 1c21e71318e14c7362eb673f3d4d4a7e  2008.0/i586/libpcre0-7.3-1.2mdv2008.0.i586.rpm
 d36505e192f28cfd9f4242df50c0e1d1  2008.0/i586/libpcre-devel-7.3-1.2mdv2008.0.i586.rpm
 9ae42fd97fa6dbb0834eae3fe80186fc  2008.0/i586/pcre-7.3-1.2mdv2008.0.i586.rpm 
 3aed84571823dcc78347c5578de8c3ab  2008.0/SRPMS/pcre-7.3-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 622f55bf529e5c2a657d871a7e1b45d6  2008.0/x86_64/lib64pcre0-7.3-1.2mdv2008.0.x86_64.rpm
 115746711305143d1be0025478bfccfe  2008.0/x86_64/lib64pcre-devel-7.3-1.2mdv2008.0.x86_64.rpm
 c5eced7185fa66c92753d0e54078fa3a  2008.0/x86_64/pcre-7.3-1.2mdv2008.0.x86_64.rpm 
 3aed84571823dcc78347c5578de8c3ab  2008.0/SRPMS/pcre-7.3-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 45e7f158494fe2f9cd2b3be3dc4f9c30  2008.1/i586/libpcre0-7.6-2.1mdv2008.1.i586.rpm
 64a7ebd228c824f0eeabfc1de2f3af8f  2008.1/i586/libpcre-devel-7.6-2.1mdv2008.1.i586.rpm
 0637ebeb63a52ff1c6675e6a185aed54  2008.1/i586/pcre-7.6-2.1mdv2008.1.i586.rpm 
 aa16262a74bf569d8184328334bb480c  2008.1/SRPMS/pcre-7.6-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 4180d16683a363b7d912bd9af780e4fc  2008.1/x86_64/lib64pcre0-7.6-2.1mdv2008.1.x86_64.rpm
 5cc4e7a0297942f840c000d52b44e93a  2008.1/x86_64/lib64pcre-devel-7.6-2.1mdv2008.1.x86_64.rpm
 70251c4bcaf5847c0c4ff6e534bc30cf  2008.1/x86_64/pcre-7.6-2.1mdv2008.1.x86_64.rpm 
 aa16262a74bf569d8184328334bb480c  2008.1/SRPMS/pcre-7.6-2.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.