RedHat: Critical: pcre security update
Posted by Benjamin D. Thomas   
Updated pcre packages that correct security issues are now available for Red Hat Enterprise Linux 4 and 5. Flaws were found in the way PCRE handles certain malformed regular expressions. If an application linked against PCRE, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. This update has been rated as having critical security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: pcre security update
Advisory ID:       RHSA-2007:1052-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1052.html
Issue date:        2007-11-09
Updated on:        2007-11-09
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-7224 
---------------------------------------------------------------------

1. Summary:

Updated pcre packages that correct security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2006-7224)

Users of PCRE are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
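
An added example, not part of the Red Hat advisory: a Python check that compares collected pcre version and release strings against the fixed builds this advisory names, pcre-4.5-4.el4_5.4 for Red Hat Enterprise Linux 4 and pcre-6.6-2.el5_1.1 for Red Hat Enterprise Linux 5. The inventory format, host names and sample rows are constructed, and the comparison is a simplified form of rpm's version ordering.

```python
import re

# Fixed builds named in the advisory, keyed by RHEL major release.
FIXED = {"4": ("4.5", "4.el4_5.4"), "5": ("6.6", "2.el5_1.1")}

def rpmvercmp(a, b):
    """Simplified rpm version ordering (no '~' or '^'): returns -1, 0 or 1."""
    # rpm compares maximal runs of digits or letters; other characters separate.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def is_patched(major, version, release):
    """True if version-release is at or above the fixed build for that release."""
    fixed_version, fixed_release = FIXED[major]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0

def audit(inventory):
    """Return sorted hosts with at least one pcre build older than the fix."""
    flagged = set()
    for line in inventory.splitlines():
        host, major, version, release = line.split()
        # Releases other than 4 and 5 are outside this advisory and are skipped.
        if major in FIXED and not is_patched(major, version, release):
            flagged.add(host)
    return sorted(flagged)

# Constructed inventory: "host rhel_major version release", as could be collected
# per host with: rpm -q --qf '%{VERSION} %{RELEASE}\n' pcre
# A host can appear more than once (e.g. i386 and x86_64 builds both installed).
SAMPLE = """\
web01 4 4.5 4.el4_5.4
web02 4 4.5 3.2.RHEL4
db01 5 6.6 2.el5_1.1
db01 5 6.6 1.1
app01 5 6.6 2.el5_1.6
old01 3 3.9 10.4
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A host is flagged if any of its installed pcre builds is older than the fix, so a system with one updated and one stale architecture still shows up.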

5. Bug IDs fixed (http://bugzilla.redhat.com/):

373021 - CVE-2006-7224 pcre multiple integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pcre-4.5-4.el4_5.4.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcre-6.6-2.el5_1.1.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcre-6.6-2.el5_1.1.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pcre-6.6-2.el5_1.1.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7224
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.