Skip to navigation

Security Advisory Critical: pcre security update

Advisory: RHSA-2007:0968-2
Type: Security Advisory
Severity: Critical
Issued on: 2007-11-05
Last updated on: 2007-11-05
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-1660

Details

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
pcre-4.5-4.el4_5.1.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: d2bf1a695fbb25449e583dcdf1c2adc3
 
IA-32:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-devel-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 25e5f95b21f055328b7f223b82682c18
 
x86_64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 96c23c6f94616735252c926308bd5037
pcre-devel-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 91ace1c63dd58660bd06673252f992d7
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
pcre-4.5-4.el4_5.1.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: d2bf1a695fbb25449e583dcdf1c2adc3
 
IA-32:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-devel-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 25e5f95b21f055328b7f223b82682c18
 
IA-64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 09735dc1d899a27490fbaefbf801e453
pcre-devel-4.5-4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0
 
PPC:
pcre-4.5-4.el4_5.1.ppc.rpm
File outdated by:  RHSA-2007:1068
    MD5: 39ceb7698118cfb31004434f6ce39e2f
pcre-4.5-4.el4_5.1.ppc64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 7a66762a3067ff36eb141d50e2f178c2
pcre-devel-4.5-4.el4_5.1.ppc.rpm
File outdated by:  RHSA-2007:1068
    MD5: 27c02138dc61651befd584d7564e87c1
 
s390:
pcre-4.5-4.el4_5.1.s390.rpm
File outdated by:  RHSA-2007:1068
    MD5: d29fff61e69fc677350e8dce17f6dc2d
pcre-devel-4.5-4.el4_5.1.s390.rpm
File outdated by:  RHSA-2007:1068
    MD5: f17dc61991ff18330387a01022878cd1
 
s390x:
pcre-4.5-4.el4_5.1.s390.rpm
File outdated by:  RHSA-2007:1068
    MD5: d29fff61e69fc677350e8dce17f6dc2d
pcre-4.5-4.el4_5.1.s390x.rpm
File outdated by:  RHSA-2007:1068
    MD5: 233bf6ee5aab5c1394589b35e0a240ac
pcre-devel-4.5-4.el4_5.1.s390x.rpm
File outdated by:  RHSA-2007:1068
    MD5: 43b1cdaf5aba84efc34b6219a411e1c8
 
x86_64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 96c23c6f94616735252c926308bd5037
pcre-devel-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 91ace1c63dd58660bd06673252f992d7
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
pcre-4.5-4.el4_5.1.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: d2bf1a695fbb25449e583dcdf1c2adc3
 
IA-32:
pcre-4.5-4.el4_5.1.i386.rpm     MD5: 170f0f43d5605415c654ccbec4272b76
pcre-devel-4.5-4.el4_5.1.i386.rpm     MD5: 25e5f95b21f055328b7f223b82682c18
 
IA-64:
pcre-4.5-4.el4_5.1.i386.rpm     MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.ia64.rpm     MD5: 09735dc1d899a27490fbaefbf801e453
pcre-devel-4.5-4.el4_5.1.ia64.rpm     MD5: 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0
 
PPC:
pcre-4.5-4.el4_5.1.ppc.rpm     MD5: 39ceb7698118cfb31004434f6ce39e2f
pcre-4.5-4.el4_5.1.ppc64.rpm     MD5: 7a66762a3067ff36eb141d50e2f178c2
pcre-devel-4.5-4.el4_5.1.ppc.rpm     MD5: 27c02138dc61651befd584d7564e87c1
 
s390:
pcre-4.5-4.el4_5.1.s390.rpm     MD5: d29fff61e69fc677350e8dce17f6dc2d
pcre-devel-4.5-4.el4_5.1.s390.rpm     MD5: f17dc61991ff18330387a01022878cd1
 
s390x:
pcre-4.5-4.el4_5.1.s390.rpm     MD5: d29fff61e69fc677350e8dce17f6dc2d
pcre-4.5-4.el4_5.1.s390x.rpm     MD5: 233bf6ee5aab5c1394589b35e0a240ac
pcre-devel-4.5-4.el4_5.1.s390x.rpm     MD5: 43b1cdaf5aba84efc34b6219a411e1c8
 
x86_64:
pcre-4.5-4.el4_5.1.i386.rpm     MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.x86_64.rpm     MD5: 96c23c6f94616735252c926308bd5037
pcre-devel-4.5-4.el4_5.1.x86_64.rpm     MD5: 91ace1c63dd58660bd06673252f992d7
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
pcre-4.5-4.el4_5.1.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: d2bf1a695fbb25449e583dcdf1c2adc3
 
IA-32:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-devel-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 25e5f95b21f055328b7f223b82682c18
 
IA-64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 09735dc1d899a27490fbaefbf801e453
pcre-devel-4.5-4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0
 
x86_64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 96c23c6f94616735252c926308bd5037
pcre-devel-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 91ace1c63dd58660bd06673252f992d7
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
pcre-4.5-4.el4_5.1.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: d2bf1a695fbb25449e583dcdf1c2adc3
 
IA-32:
pcre-4.5-4.el4_5.1.i386.rpm     MD5: 170f0f43d5605415c654ccbec4272b76
pcre-devel-4.5-4.el4_5.1.i386.rpm     MD5: 25e5f95b21f055328b7f223b82682c18
 
IA-64:
pcre-4.5-4.el4_5.1.i386.rpm     MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.ia64.rpm     MD5: 09735dc1d899a27490fbaefbf801e453
pcre-devel-4.5-4.el4_5.1.ia64.rpm     MD5: 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0
 
x86_64:
pcre-4.5-4.el4_5.1.i386.rpm     MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.x86_64.rpm     MD5: 96c23c6f94616735252c926308bd5037
pcre-devel-4.5-4.el4_5.1.x86_64.rpm     MD5: 91ace1c63dd58660bd06673252f992d7
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
pcre-4.5-4.el4_5.1.src.rpm
File outdated by:  RHSA-2007:1068
    MD5: d2bf1a695fbb25449e583dcdf1c2adc3
 
IA-32:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-devel-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 25e5f95b21f055328b7f223b82682c18
 
IA-64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 09735dc1d899a27490fbaefbf801e453
pcre-devel-4.5-4.el4_5.1.ia64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 3e3c83e3a8c1b28b1d5d5a3e2efbf8f0
 
x86_64:
pcre-4.5-4.el4_5.1.i386.rpm
File outdated by:  RHSA-2007:1068
    MD5: 170f0f43d5605415c654ccbec4272b76
pcre-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 96c23c6f94616735252c926308bd5037
pcre-devel-4.5-4.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2007:1068
    MD5: 91ace1c63dd58660bd06673252f992d7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

315881 - CVE-2007-1660 pcre regular expression flaws


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/