Security Advisory Critical: pcre security update

Advisory: RHSA-2007:0967-2
Type: Security Advisory
Severity: Critical
Issued on: 2007-11-05
Last updated on: 2007-11-05
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2007-1659, CVE-2007-1660

Details

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

File outdated by: RHBA-2013:1298 (applies to every file listed below)

RHEL Desktop Workstation (v. 5 client)

SRPMS:
pcre-6.6-2.el5_0.1.src.rpm

IA-32:
pcre-devel-6.6-2.el5_0.1.i386.rpm

x86_64:
pcre-devel-6.6-2.el5_0.1.i386.rpm
pcre-devel-6.6-2.el5_0.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
pcre-6.6-2.el5_0.1.src.rpm

IA-32:
pcre-6.6-2.el5_0.1.i386.rpm
pcre-devel-6.6-2.el5_0.1.i386.rpm

IA-64:
pcre-6.6-2.el5_0.1.ia64.rpm
pcre-devel-6.6-2.el5_0.1.ia64.rpm

PPC:
pcre-6.6-2.el5_0.1.ppc.rpm
pcre-6.6-2.el5_0.1.ppc64.rpm
pcre-devel-6.6-2.el5_0.1.ppc.rpm
pcre-devel-6.6-2.el5_0.1.ppc64.rpm

s390x:
pcre-6.6-2.el5_0.1.s390.rpm
pcre-6.6-2.el5_0.1.s390x.rpm
pcre-devel-6.6-2.el5_0.1.s390.rpm
pcre-devel-6.6-2.el5_0.1.s390x.rpm

x86_64:
pcre-6.6-2.el5_0.1.i386.rpm
pcre-6.6-2.el5_0.1.x86_64.rpm
pcre-devel-6.6-2.el5_0.1.i386.rpm
pcre-devel-6.6-2.el5_0.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
pcre-6.6-2.el5_0.1.src.rpm

IA-32:
pcre-6.6-2.el5_0.1.i386.rpm

x86_64:
pcre-6.6-2.el5_0.1.i386.rpm
pcre-6.6-2.el5_0.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

315871 - CVE-2007-1659 pcre regular expression flaws
315881 - CVE-2007-1660 pcre regular expression flaws


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/