Security Advisory pcre security update

Advisory: RHSA-2005:761-5
Type: Security Advisory
Severity: Moderate
Issued on: 2005-09-08
Last updated on: 2005-09-08
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-2491

Details

Updated pcre packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

PCRE is a Perl-compatible regular expression library.

An integer overflow flaw was found in PCRE, triggered by a maliciously
crafted regular expression. On systems that accept arbitrary regular
expressions from untrusted users, this could be exploited to execute
arbitrary code with the privileges of the application using the library.
The Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2491 to this issue.

The security impact of this issue varies depending on the way that
applications make use of PCRE. For example, the Apache web server uses the
system PCRE library in order to parse regular expressions, but this flaw
would only allow a user who already has the ability to write .htaccess
files to gain 'apache' privileges. For applications supplied with Red Hat
Enterprise Linux, a maximum security impact of moderate has been assigned.

Users should update to these erratum packages that contain a backported
patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After updating you will need to restart all services that use the system
PCRE library. This can be done manually or by rebooting your system.
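
One way to find the services that still need that restart, as an added example that is not part of the Red Hat advisory: it relies on Linux marking mappings of a replaced shared object as "(deleted)" in /proc/<pid>/maps. The function name stale_pcre_pids, the library path and the sample process data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libpcre. Replacing a shared object unlinks the old file, and
# Linux then shows its mappings as "(deleted)" in /proc/<pid>/maps until
# the process is restarted.

# stale_pcre_pids [PROC_ROOT]   (function name chosen for this example)
# Prints "PID NAME" for every process under PROC_ROOT (default /proc)
# whose maps file contains a deleted libpcre mapping.
stale_pcre_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unreadable or exited process
        if grep -Eq '/libpcre[^/]*\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # The Name: line of /proc/<pid>/status holds the command name.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name='?'
            echo "$pid ${name:-?}"
        fi
    done
}

# Constructed sample tree standing in for /proc (not real process data):
# PID 101 still maps the old library, PID 202 was restarted after the update.
demo=$(mktemp -d)
mkdir -p "$demo/101" "$demo/202"
printf '%s\n' \
    '00400000-0044b000 r-xp 00000000 08:01 1201 /usr/sbin/httpd' \
    '00b2f000-00b3a000 r-xp 00000000 08:01 3307 /lib/libpcre.so.0.0.1 (deleted)' \
    > "$demo/101/maps"
printf 'Name:\thttpd\n' > "$demo/101/status"
printf '%s\n' \
    '00400000-0044b000 r-xp 00000000 08:01 1201 /usr/sbin/httpd' \
    '00c10000-00c1b000 r-xp 00000000 08:01 4410 /lib/libpcre.so.0.0.1' \
    > "$demo/202/maps"
printf 'Name:\thttpd\n' > "$demo/202/status"

stale_pcre_pids "$demo"      # run against the sample data
rm -rf "$demo"
# On a live system, run as root with no argument: stale_pcre_pids
```

An empty result on a live system means no running process still maps the old library; reading other users' maps files requires root.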

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
pcre-3.9-10.2.src.rpm
File outdated by:  RHSA-2007:1063
    MD5: 587ab1e44061fafb3a4a29d4533d6c0a
 
IA-32:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-devel-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 769958cd03a22d82e79008f292b3fdb3
 
x86_64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 635232acaa561ea9a5c649ef98ea209b
pcre-devel-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: eda6e9d9752e1224cb31f645d34fd938
 
Red Hat Desktop (v. 4)

SRPMS:
pcre-4.5-3.2.RHEL4.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: e3f1d831c654c609a1152cc40fcbd61b
 
IA-32:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-devel-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 48c6ab5365b9b18b7de7715870ab33a0
 
x86_64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 36eca0a2d4ef427e414997c60f569929
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7b63529fa847ae87ede25d1ef9880743
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
pcre-3.4-2.2.src.rpm
File outdated by:  RHSA-2007:1065
    MD5: 2fe96f7440e58dd2bf4a55ee451f3d39
 
IA-32:
pcre-3.4-2.2.i386.rpm
File outdated by:  RHSA-2007:1065
    MD5: 12129fa5f54f8f5916ede338b189aa0a
pcre-devel-3.4-2.2.i386.rpm
File outdated by:  RHSA-2007:1065
    MD5: d07c334a30b6d2294b3976f49e593e03
 
IA-64:
pcre-3.4-2.2.ia64.rpm
File outdated by:  RHSA-2007:1065
    MD5: ea95b853cc42dd45b659010847effd65
pcre-devel-3.4-2.2.ia64.rpm
File outdated by:  RHSA-2007:1065
    MD5: 1fd6f118be4f11bf61246d81a071a9bb
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
pcre-3.9-10.2.src.rpm
File outdated by:  RHSA-2007:1063
    MD5: 587ab1e44061fafb3a4a29d4533d6c0a
 
IA-32:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-devel-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 769958cd03a22d82e79008f292b3fdb3
 
IA-64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.ia64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 0c974951ac22c79bd637af7248529a0f
pcre-devel-3.9-10.2.ia64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 7a42e3ae5f7881a5217542c8d440e17b
 
PPC:
pcre-3.9-10.2.ppc.rpm
File outdated by:  RHSA-2007:1063
    MD5: 7eaf9c1a30bbbf85e96e1d5046dfd12a
pcre-3.9-10.2.ppc64.rpm
File outdated by:  RHSA-2007:1063
    MD5: d154acf6a5e613905022b273395784e1
pcre-devel-3.9-10.2.ppc.rpm
File outdated by:  RHSA-2007:1063
    MD5: 542c1342632c67fc040f42ba8cd0a9d6
 
s390:
pcre-3.9-10.2.s390.rpm
File outdated by:  RHSA-2007:1063
    MD5: 6708bc5e0b5965151c2e5c6b92c3c184
pcre-devel-3.9-10.2.s390.rpm
File outdated by:  RHSA-2007:1063
    MD5: f3f58299cd1652392a2ba82d5cf9e1c9
 
s390x:
pcre-3.9-10.2.s390.rpm
File outdated by:  RHSA-2007:1063
    MD5: 6708bc5e0b5965151c2e5c6b92c3c184
pcre-3.9-10.2.s390x.rpm
File outdated by:  RHSA-2007:1063
    MD5: 84626e37f2d5a1015f9c81d4cb908cd9
pcre-devel-3.9-10.2.s390x.rpm
File outdated by:  RHSA-2007:1063
    MD5: 9a31dd113f2aa99d979881881cb1fc82
 
x86_64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 635232acaa561ea9a5c649ef98ea209b
pcre-devel-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: eda6e9d9752e1224cb31f645d34fd938
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
pcre-4.5-3.2.RHEL4.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: e3f1d831c654c609a1152cc40fcbd61b
 
IA-32:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-devel-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 48c6ab5365b9b18b7de7715870ab33a0
 
IA-64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: a30a41d023dd1ef8352ce192aeb06789
pcre-devel-4.5-3.2.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: eb0d0b13edae2486a16062f28538f5b2
 
PPC:
pcre-4.5-3.2.RHEL4.ppc.rpm
File outdated by:  RHSA-2007:1068
    MD5: 896951b63b6db04f6a18c7959ed3f3fe
pcre-4.5-3.2.RHEL4.ppc64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 64279f3c3032512a532ecd7305ea9c42
pcre-devel-4.5-3.2.RHEL4.ppc.rpm
File outdated by:  RHSA-2007:1068
    MD5: a860dc1420d25e2b8456162456fcedca
 
s390:
pcre-4.5-3.2.RHEL4.s390.rpm
File outdated by:  RHSA-2007:1068
    MD5: c1042264456245cfac1d3c4d74adee8c
pcre-devel-4.5-3.2.RHEL4.s390.rpm
File outdated by:  RHSA-2007:1068
    MD5: e6751b4459b644bd5d5a8716e6fdccca
 
s390x:
pcre-4.5-3.2.RHEL4.s390.rpm
File outdated by:  RHSA-2007:1068
    MD5: c1042264456245cfac1d3c4d74adee8c
pcre-4.5-3.2.RHEL4.s390x.rpm
File outdated by:  RHSA-2007:1068
    MD5: 22ed73d94c926516b399015c9d558b8e
pcre-devel-4.5-3.2.RHEL4.s390x.rpm
File outdated by:  RHSA-2007:1068
    MD5: dec668e2b159953d3203edea4422da7f
 
x86_64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 36eca0a2d4ef427e414997c60f569929
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7b63529fa847ae87ede25d1ef9880743
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
pcre-3.4-2.2.src.rpm
File outdated by:  RHSA-2007:1065
    MD5: 2fe96f7440e58dd2bf4a55ee451f3d39
 
IA-32:
pcre-3.4-2.2.i386.rpm
File outdated by:  RHSA-2007:1065
    MD5: 12129fa5f54f8f5916ede338b189aa0a
pcre-devel-3.4-2.2.i386.rpm
File outdated by:  RHSA-2007:1065
    MD5: d07c334a30b6d2294b3976f49e593e03
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
pcre-3.9-10.2.src.rpm
File outdated by:  RHSA-2007:1063
    MD5: 587ab1e44061fafb3a4a29d4533d6c0a
 
IA-32:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-devel-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 769958cd03a22d82e79008f292b3fdb3
 
IA-64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.ia64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 0c974951ac22c79bd637af7248529a0f
pcre-devel-3.9-10.2.ia64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 7a42e3ae5f7881a5217542c8d440e17b
 
x86_64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 635232acaa561ea9a5c649ef98ea209b
pcre-devel-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: eda6e9d9752e1224cb31f645d34fd938
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
pcre-4.5-3.2.RHEL4.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: e3f1d831c654c609a1152cc40fcbd61b
 
IA-32:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-devel-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 48c6ab5365b9b18b7de7715870ab33a0
 
IA-64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: a30a41d023dd1ef8352ce192aeb06789
pcre-devel-4.5-3.2.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: eb0d0b13edae2486a16062f28538f5b2
 
x86_64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 36eca0a2d4ef427e414997c60f569929
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7b63529fa847ae87ede25d1ef9880743
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
pcre-3.4-2.2.src.rpm
File outdated by:  RHSA-2007:1065
    MD5: 2fe96f7440e58dd2bf4a55ee451f3d39
 
IA-32:
pcre-3.4-2.2.i386.rpm
File outdated by:  RHSA-2007:1065
    MD5: 12129fa5f54f8f5916ede338b189aa0a
pcre-devel-3.4-2.2.i386.rpm
File outdated by:  RHSA-2007:1065
    MD5: d07c334a30b6d2294b3976f49e593e03
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
pcre-3.9-10.2.src.rpm
File outdated by:  RHSA-2007:1063
    MD5: 587ab1e44061fafb3a4a29d4533d6c0a
 
IA-32:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-devel-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 769958cd03a22d82e79008f292b3fdb3
 
IA-64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.ia64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 0c974951ac22c79bd637af7248529a0f
pcre-devel-3.9-10.2.ia64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 7a42e3ae5f7881a5217542c8d440e17b
 
x86_64:
pcre-3.9-10.2.i386.rpm
File outdated by:  RHSA-2007:1063
    MD5: 4c02dbc359435be8b00ebbce44031675
pcre-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: 635232acaa561ea9a5c649ef98ea209b
pcre-devel-3.9-10.2.x86_64.rpm
File outdated by:  RHSA-2007:1063
    MD5: eda6e9d9752e1224cb31f645d34fd938
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
pcre-4.5-3.2.RHEL4.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: e3f1d831c654c609a1152cc40fcbd61b
 
IA-32:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-devel-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 48c6ab5365b9b18b7de7715870ab33a0
 
IA-64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: a30a41d023dd1ef8352ce192aeb06789
pcre-devel-4.5-3.2.RHEL4.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: eb0d0b13edae2486a16062f28538f5b2
 
x86_64:
pcre-4.5-3.2.RHEL4.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7f0b9db34077e394a3c185d965311d98
pcre-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 36eca0a2d4ef427e414997c60f569929
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7b63529fa847ae87ede25d1ef9880743
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
pcre-3.4-2.2.src.rpm
File outdated by:  RHSA-2007:1065
    MD5: 2fe96f7440e58dd2bf4a55ee451f3d39
 
IA-64:
pcre-3.4-2.2.ia64.rpm
File outdated by:  RHSA-2007:1065
    MD5: ea95b853cc42dd45b659010847effd65
pcre-devel-3.4-2.2.ia64.rpm
File outdated by:  RHSA-2007:1065
    MD5: 1fd6f118be4f11bf61246d81a071a9bb
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

166330 - CAN-2005-2491 PCRE heap overflow


Keywords

regexp


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/