Security Advisory Important: pcre security update

Advisory: RHSA-2007:1068-3
Type: Security Advisory
Severity: Important
Issued on: 2007-11-29
Last updated on: 2007-11-29
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.6.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.6.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-7225
CVE-2006-7226
CVE-2006-7228
CVE-2006-7230
CVE-2007-1659

Details

Updated pcre packages that resolve several security issues are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PCRE is a Perl-compatible regular expression library.

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run
arbitrary code as the user running the application.
(CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659)

Users of PCRE are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Red Hat would like to thank Ludwig Nussel for reporting these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
pcre-4.5-4.el4_6.6.src.rpm     MD5: 3fc0fdaf84b06cdf5788640cff0026f6
 
IA-32:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-devel-4.5-4.el4_6.6.i386.rpm     MD5: 9965f80d4d5ab3b571ab3c3cc9898990
 
x86_64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.x86_64.rpm     MD5: 5ec42946ee8eea49029ff7b06ee58234
pcre-devel-4.5-4.el4_6.6.x86_64.rpm     MD5: d2464456a160a001ee8810a35235b3ae
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
pcre-4.5-4.el4_6.6.src.rpm     MD5: 3fc0fdaf84b06cdf5788640cff0026f6
 
IA-32:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-devel-4.5-4.el4_6.6.i386.rpm     MD5: 9965f80d4d5ab3b571ab3c3cc9898990
 
IA-64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.ia64.rpm     MD5: 33f4eab971ef408facd1641eabaa467a
pcre-devel-4.5-4.el4_6.6.ia64.rpm     MD5: 6dfe274bd09371d8e0de10c5cc92bc26
 
PPC:
pcre-4.5-4.el4_6.6.ppc.rpm     MD5: 47acc99aadd1698c477beb54465e13f9
pcre-4.5-4.el4_6.6.ppc64.rpm     MD5: c7bc58a2b1b45cba707f6e32f6b5182b
pcre-devel-4.5-4.el4_6.6.ppc.rpm     MD5: ffc58e305b91c427bab0f1d536bf8e3a
 
s390:
pcre-4.5-4.el4_6.6.s390.rpm     MD5: db4e05d53ed8fb12030d2f6684d9d869
pcre-devel-4.5-4.el4_6.6.s390.rpm     MD5: 28d5cef76bf6ad728e777cd80e0e6628
 
s390x:
pcre-4.5-4.el4_6.6.s390.rpm     MD5: db4e05d53ed8fb12030d2f6684d9d869
pcre-4.5-4.el4_6.6.s390x.rpm     MD5: 934cdcaa114cd70bf10f089fff41fea1
pcre-devel-4.5-4.el4_6.6.s390x.rpm     MD5: f8589e25f1c60407ae174a941b3fa51f
 
x86_64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.x86_64.rpm     MD5: 5ec42946ee8eea49029ff7b06ee58234
pcre-devel-4.5-4.el4_6.6.x86_64.rpm     MD5: d2464456a160a001ee8810a35235b3ae
 
Red Hat Enterprise Linux AS (v. 4.6.z)

SRPMS:
pcre-4.5-4.el4_6.6.src.rpm     MD5: 3fc0fdaf84b06cdf5788640cff0026f6
 
IA-32:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-devel-4.5-4.el4_6.6.i386.rpm     MD5: 9965f80d4d5ab3b571ab3c3cc9898990
 
IA-64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.ia64.rpm     MD5: 33f4eab971ef408facd1641eabaa467a
pcre-devel-4.5-4.el4_6.6.ia64.rpm     MD5: 6dfe274bd09371d8e0de10c5cc92bc26
 
PPC:
pcre-4.5-4.el4_6.6.ppc.rpm     MD5: 47acc99aadd1698c477beb54465e13f9
pcre-4.5-4.el4_6.6.ppc64.rpm     MD5: c7bc58a2b1b45cba707f6e32f6b5182b
pcre-devel-4.5-4.el4_6.6.ppc.rpm     MD5: ffc58e305b91c427bab0f1d536bf8e3a
 
s390:
pcre-4.5-4.el4_6.6.s390.rpm     MD5: db4e05d53ed8fb12030d2f6684d9d869
pcre-devel-4.5-4.el4_6.6.s390.rpm     MD5: 28d5cef76bf6ad728e777cd80e0e6628
 
s390x:
pcre-4.5-4.el4_6.6.s390.rpm     MD5: db4e05d53ed8fb12030d2f6684d9d869
pcre-4.5-4.el4_6.6.s390x.rpm     MD5: 934cdcaa114cd70bf10f089fff41fea1
pcre-devel-4.5-4.el4_6.6.s390x.rpm     MD5: f8589e25f1c60407ae174a941b3fa51f
 
x86_64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.x86_64.rpm     MD5: 5ec42946ee8eea49029ff7b06ee58234
pcre-devel-4.5-4.el4_6.6.x86_64.rpm     MD5: d2464456a160a001ee8810a35235b3ae
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
pcre-4.5-4.el4_6.6.src.rpm     MD5: 3fc0fdaf84b06cdf5788640cff0026f6
 
IA-32:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-devel-4.5-4.el4_6.6.i386.rpm     MD5: 9965f80d4d5ab3b571ab3c3cc9898990
 
IA-64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.ia64.rpm     MD5: 33f4eab971ef408facd1641eabaa467a
pcre-devel-4.5-4.el4_6.6.ia64.rpm     MD5: 6dfe274bd09371d8e0de10c5cc92bc26
 
x86_64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.x86_64.rpm     MD5: 5ec42946ee8eea49029ff7b06ee58234
pcre-devel-4.5-4.el4_6.6.x86_64.rpm     MD5: d2464456a160a001ee8810a35235b3ae
 
Red Hat Enterprise Linux ES (v. 4.6.z)

SRPMS:
pcre-4.5-4.el4_6.6.src.rpm     MD5: 3fc0fdaf84b06cdf5788640cff0026f6
 
IA-32:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-devel-4.5-4.el4_6.6.i386.rpm     MD5: 9965f80d4d5ab3b571ab3c3cc9898990
 
IA-64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.ia64.rpm     MD5: 33f4eab971ef408facd1641eabaa467a
pcre-devel-4.5-4.el4_6.6.ia64.rpm     MD5: 6dfe274bd09371d8e0de10c5cc92bc26
 
x86_64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.x86_64.rpm     MD5: 5ec42946ee8eea49029ff7b06ee58234
pcre-devel-4.5-4.el4_6.6.x86_64.rpm     MD5: d2464456a160a001ee8810a35235b3ae
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
pcre-4.5-4.el4_6.6.src.rpm     MD5: 3fc0fdaf84b06cdf5788640cff0026f6
 
IA-32:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-devel-4.5-4.el4_6.6.i386.rpm     MD5: 9965f80d4d5ab3b571ab3c3cc9898990
 
IA-64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.ia64.rpm     MD5: 33f4eab971ef408facd1641eabaa467a
pcre-devel-4.5-4.el4_6.6.ia64.rpm     MD5: 6dfe274bd09371d8e0de10c5cc92bc26
 
x86_64:
pcre-4.5-4.el4_6.6.i386.rpm     MD5: 2fc7dcfeab667b57d6cd72b3900e23e4
pcre-4.5-4.el4_6.6.x86_64.rpm     MD5: 5ec42946ee8eea49029ff7b06ee58234
pcre-devel-4.5-4.el4_6.6.x86_64.rpm     MD5: d2464456a160a001ee8810a35235b3ae
 
(The unlinked packages above are only available from the Red Hat Network)
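
The following is an added example, not part of Red Hat's advisory: a small audit that flags hosts whose pcre or pcre-devel build is older than the fixed pcre-4.5-4.el4_6.6 listed above. It assumes inventory lines of the form `<host> <name-version-release>` with no epoch, uses a simplified RPM version comparison, and the host names and older builds in the sample are constructed.

```python
import re

# Fixed build named in this advisory: pcre-4.5-4.el4_6.6
FIXED_VERSION, FIXED_RELEASE = "4.5", "4.el4_6.6"

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no '~' or '^' handling)."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers numerically, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # extra trailing segments sort newer

def needs_update(nvr):
    """True if nvr is a pcre or pcre-devel build older than the fixed one."""
    try:
        name, version, release = nvr.strip().rsplit("-", 2)
    except ValueError:
        return False  # not in name-version-release form
    if name not in ("pcre", "pcre-devel"):
        return False
    order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return order < 0

def audit(lines):
    """Return (host, nvr) pairs that still need the update."""
    findings = []
    for line in lines:
        host, _, nvr = line.partition(" ")
        if needs_update(nvr):
            findings.append((host, nvr.strip()))
    return findings

# Constructed inventory: hosts and the older builds are made up for illustration.
SAMPLE = [
    "web01 pcre-4.5-3.el4",
    "web01 pcre-devel-4.5-3.el4",
    "db01 pcre-4.5-4.el4_6.6",
    "app02 pcre-4.5-4.el4_5.1",
    "app02 zlib-1.2.1.2-1.2",
]

if __name__ == "__main__":
    for host, nvr in audit(SAMPLE):
        print(f"{host}: {nvr} is older than pcre-{FIXED_VERSION}-{FIXED_RELEASE}")
```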

Bugs fixed (see bugzilla for more information)

315871 - CVE-2007-1659 pcre regular expression flaws
383371 - CVE-2006-7228 pcre integer overflow
384761 - CVE-2006-7225 pcre miscalculation of memory requirements for malformed Posix character class
384781 - CVE-2006-7226 pcre miscalculation of memory requirements for repeated subpattern containing a named recursion or subroutine reference
384801 - CVE-2006-7230 pcre miscalculation of memory requirements if options are changed during pattern compilation



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/