Security Advisory Important: pcre security update

Advisory: RHSA-2007:1052-5
Type: Security Advisory
Severity: Important
Issued on: 2007-11-09
Last updated on: 2007-11-15
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20071052.xml
CVEs (cve.mitre.org): CVE-2005-4872
CVE-2006-7227

Details

Updated pcre packages that correct security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

[Updated 15 November 2007]
Further analysis of these flaws in PCRE has led to the single CVE
identifier CVE-2006-7224 being split into three separate identifiers and a
re-analysis of the risk of each of the flaws. We are therefore updating
the text of this advisory to use the correct CVE names for the two flaws
fixed by these erratum packages, and downgrading the security impact of
this advisory from critical to important. No changes have been made to the
packages themselves.

PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2005-4872, CVE-2006-7227)

Users of PCRE are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
pcre-6.6-2.el5_1.1.src.rpm
File outdated by:  RHSA-2007:1059		     230040f3f36e5664ce5a6671334f6ddb
 
IA-32:
pcre-devel-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     c53d0803d49bf739b59539eb5782f43f
 
x86_64:
pcre-devel-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     c53d0803d49bf739b59539eb5782f43f
pcre-devel-6.6-2.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2007:1059		     cc64b53c0d0b0d4fac6429baad17fba2
 
Red Hat Desktop (v. 4)
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm
File outdated by:  RHSA-2007:1068		     49236e545db29026eea3109c3fdba5ae
 
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     db9170f905d681c7b6a0ca283043da41
 
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     cb6ac02502f662374d4de938aa2e19c4
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
pcre-6.6-2.el5_1.1.src.rpm
File outdated by:  RHSA-2007:1059		     230040f3f36e5664ce5a6671334f6ddb
 
IA-32:
pcre-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     0bedc083211d95e89d11fbbddc07e968
pcre-devel-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     c53d0803d49bf739b59539eb5782f43f
 
IA-64:
pcre-6.6-2.el5_1.1.ia64.rpm
File outdated by:  RHSA-2007:1059		     b7ef7d4d91f0425011c348e81140a5f3
pcre-devel-6.6-2.el5_1.1.ia64.rpm
File outdated by:  RHSA-2007:1059		     a424e60ea30261a2650124df2fe0b914
 
PPC:
pcre-6.6-2.el5_1.1.ppc.rpm
File outdated by:  RHSA-2007:1059		     8f903834f10271879e1a08d87987cad1
pcre-6.6-2.el5_1.1.ppc64.rpm
File outdated by:  RHSA-2007:1059		     cea8361d9d14c7fae8a57274ea02b33b
pcre-devel-6.6-2.el5_1.1.ppc.rpm
File outdated by:  RHSA-2007:1059		     3423c3eb767d485eb26e6808b2204cf1
pcre-devel-6.6-2.el5_1.1.ppc64.rpm
File outdated by:  RHSA-2007:1059		     d7b38446e64240c6d8e442552e9f5dbb
 
s390x:
pcre-6.6-2.el5_1.1.s390.rpm
File outdated by:  RHSA-2007:1059		     b06798c560af2b94f7e7b6448cdeefac
pcre-6.6-2.el5_1.1.s390x.rpm
File outdated by:  RHSA-2007:1059		     bf9ec28737e79e899638a08b74f3fbf5
pcre-devel-6.6-2.el5_1.1.s390.rpm
File outdated by:  RHSA-2007:1059		     ca23b3b464e301f25229e9d5fd654909
pcre-devel-6.6-2.el5_1.1.s390x.rpm
File outdated by:  RHSA-2007:1059		     bb72d6e9246bbe645dcb9eecef9d6fe6
 
x86_64:
pcre-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     0bedc083211d95e89d11fbbddc07e968
pcre-6.6-2.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2007:1059		     6ce8eee6c331ca63a39e0fe03c7fb985
pcre-devel-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     c53d0803d49bf739b59539eb5782f43f
pcre-devel-6.6-2.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2007:1059		     cc64b53c0d0b0d4fac6429baad17fba2
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm
File outdated by:  RHSA-2007:1068		     49236e545db29026eea3109c3fdba5ae
 
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     db9170f905d681c7b6a0ca283043da41
 
IA-64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.ia64.rpm
File outdated by:  RHSA-2007:1068		     a9f0e8482a18d5c51a736ddb1c2344b5
pcre-devel-4.5-4.el4_5.4.ia64.rpm
File outdated by:  RHSA-2007:1068		     2027d9e67ac017b59da16034cc89177c
 
PPC:
pcre-4.5-4.el4_5.4.ppc.rpm
File outdated by:  RHSA-2007:1068		     f551684382e6beee3c585a13dd2bf652
pcre-4.5-4.el4_5.4.ppc64.rpm
File outdated by:  RHSA-2007:1068		     ecb064a62fa97b7b29d73dde82e4f7f4
pcre-devel-4.5-4.el4_5.4.ppc.rpm
File outdated by:  RHSA-2007:1068		     c24ca5e4617e57414335b82d77867906
 
s390:
pcre-4.5-4.el4_5.4.s390.rpm
File outdated by:  RHSA-2007:1068		     06e9196587cd01b1ff6fb6dc10247f47
pcre-devel-4.5-4.el4_5.4.s390.rpm
File outdated by:  RHSA-2007:1068		     ea0f4ca567fdddd5ef765ea13eefa98f
 
s390x:
pcre-4.5-4.el4_5.4.s390.rpm
File outdated by:  RHSA-2007:1068		     06e9196587cd01b1ff6fb6dc10247f47
pcre-4.5-4.el4_5.4.s390x.rpm
File outdated by:  RHSA-2007:1068		     0bc4bab9367aef27216d568059340d43
pcre-devel-4.5-4.el4_5.4.s390x.rpm
File outdated by:  RHSA-2007:1068		     22218623a862c125c4be76ce819d9705
 
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     cb6ac02502f662374d4de938aa2e19c4
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
pcre-6.6-2.el5_1.1.src.rpm
File outdated by:  RHSA-2007:1059		     230040f3f36e5664ce5a6671334f6ddb
 
IA-32:
pcre-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     0bedc083211d95e89d11fbbddc07e968
 
x86_64:
pcre-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     0bedc083211d95e89d11fbbddc07e968
pcre-6.6-2.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2007:1059		     6ce8eee6c331ca63a39e0fe03c7fb985
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm
File outdated by:  RHSA-2007:1068		     49236e545db29026eea3109c3fdba5ae
 
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     db9170f905d681c7b6a0ca283043da41
 
IA-64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.ia64.rpm
File outdated by:  RHSA-2007:1068		     a9f0e8482a18d5c51a736ddb1c2344b5
pcre-devel-4.5-4.el4_5.4.ia64.rpm
File outdated by:  RHSA-2007:1068		     2027d9e67ac017b59da16034cc89177c
 
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     cb6ac02502f662374d4de938aa2e19c4
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)
SRPMS:
pcre-6.6-2.el5_1.1.src.rpm
File outdated by:  RHSA-2007:1059		     230040f3f36e5664ce5a6671334f6ddb
 
IA-32:
pcre-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     0bedc083211d95e89d11fbbddc07e968
pcre-devel-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     c53d0803d49bf739b59539eb5782f43f
 
IA-64:
pcre-6.6-2.el5_1.1.ia64.rpm
File outdated by:  RHSA-2007:1059		     b7ef7d4d91f0425011c348e81140a5f3
pcre-devel-6.6-2.el5_1.1.ia64.rpm
File outdated by:  RHSA-2007:1059		     a424e60ea30261a2650124df2fe0b914
 
PPC:
pcre-6.6-2.el5_1.1.ppc.rpm
File outdated by:  RHSA-2007:1059		     8f903834f10271879e1a08d87987cad1
pcre-6.6-2.el5_1.1.ppc64.rpm
File outdated by:  RHSA-2007:1059		     cea8361d9d14c7fae8a57274ea02b33b
pcre-devel-6.6-2.el5_1.1.ppc.rpm
File outdated by:  RHSA-2007:1059		     3423c3eb767d485eb26e6808b2204cf1
pcre-devel-6.6-2.el5_1.1.ppc64.rpm
File outdated by:  RHSA-2007:1059		     d7b38446e64240c6d8e442552e9f5dbb
 
s390x:
pcre-6.6-2.el5_1.1.s390.rpm
File outdated by:  RHSA-2007:1059		     b06798c560af2b94f7e7b6448cdeefac
pcre-6.6-2.el5_1.1.s390x.rpm
File outdated by:  RHSA-2007:1059		     bf9ec28737e79e899638a08b74f3fbf5
pcre-devel-6.6-2.el5_1.1.s390.rpm
File outdated by:  RHSA-2007:1059		     ca23b3b464e301f25229e9d5fd654909
pcre-devel-6.6-2.el5_1.1.s390x.rpm
File outdated by:  RHSA-2007:1059		     bb72d6e9246bbe645dcb9eecef9d6fe6
 
x86_64:
pcre-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     0bedc083211d95e89d11fbbddc07e968
pcre-6.6-2.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2007:1059		     6ce8eee6c331ca63a39e0fe03c7fb985
pcre-devel-6.6-2.el5_1.1.i386.rpm
File outdated by:  RHSA-2007:1059		     c53d0803d49bf739b59539eb5782f43f
pcre-devel-6.6-2.el5_1.1.x86_64.rpm
File outdated by:  RHSA-2007:1059		     cc64b53c0d0b0d4fac6429baad17fba2
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm
File outdated by:  RHSA-2007:1068		     49236e545db29026eea3109c3fdba5ae
 
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     db9170f905d681c7b6a0ca283043da41
 
IA-64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.ia64.rpm
File outdated by:  RHSA-2007:1068		     a9f0e8482a18d5c51a736ddb1c2344b5
pcre-devel-4.5-4.el4_5.4.ia64.rpm
File outdated by:  RHSA-2007:1068		     2027d9e67ac017b59da16034cc89177c
 
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm
File outdated by:  RHSA-2007:1068		     6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm
File outdated by:  RHSA-2007:1068		     cb6ac02502f662374d4de938aa2e19c4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

383341 - CVE-2006-7227 pcre integer overflow
383361 - CVE-2005-4872 pcre incorrect memory requirement computation


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/