Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability
From: security () mandriva com
Date: Wed, 16 Jul 2008 00:57:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:147
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : pcre
 Date    : July 15, 2008
 Affected: 2007.1, 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy of the Google Security Team discovered a heap-based
 buffer overflow when compiling certain regular expression patterns.
 This could be used by a malicious attacker by sending a specially
 crafted regular expression to an application using the PCRE library,
 resulting in the possible execution of arbitrary code or a denial of
 service (CVE-2008-2371).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 a3e3934cb41d04b4a15a3e50d884abbc  2007.1/i586/libpcre0-7.3-0.3mdv2007.1.i586.rpm
 fca86a5adfb2c972f4adb2b99990f3a8  2007.1/i586/libpcre-devel-7.3-0.3mdv2007.1.i586.rpm
 7d81a63b51aea4b3d3385ac5d03f9d69  2007.1/i586/pcre-7.3-0.3mdv2007.1.i586.rpm 
 c258d42150bf39a9f4175b9d17a336cd  2007.1/SRPMS/pcre-7.3-0.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 af61b2559878c624ec2c8f293e221fd8  2007.1/x86_64/lib64pcre0-7.3-0.3mdv2007.1.x86_64.rpm
 8be415d8476a87a8994e84db6188395d  2007.1/x86_64/lib64pcre-devel-7.3-0.3mdv2007.1.x86_64.rpm
 4d9fd3c6fbbda0e7e2c6bac3c865ec8d  2007.1/x86_64/pcre-7.3-0.3mdv2007.1.x86_64.rpm 
 c258d42150bf39a9f4175b9d17a336cd  2007.1/SRPMS/pcre-7.3-0.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 1c21e71318e14c7362eb673f3d4d4a7e  2008.0/i586/libpcre0-7.3-1.2mdv2008.0.i586.rpm
 d36505e192f28cfd9f4242df50c0e1d1  2008.0/i586/libpcre-devel-7.3-1.2mdv2008.0.i586.rpm
 9ae42fd97fa6dbb0834eae3fe80186fc  2008.0/i586/pcre-7.3-1.2mdv2008.0.i586.rpm 
 3aed84571823dcc78347c5578de8c3ab  2008.0/SRPMS/pcre-7.3-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 622f55bf529e5c2a657d871a7e1b45d6  2008.0/x86_64/lib64pcre0-7.3-1.2mdv2008.0.x86_64.rpm
 115746711305143d1be0025478bfccfe  2008.0/x86_64/lib64pcre-devel-7.3-1.2mdv2008.0.x86_64.rpm
 c5eced7185fa66c92753d0e54078fa3a  2008.0/x86_64/pcre-7.3-1.2mdv2008.0.x86_64.rpm 
 3aed84571823dcc78347c5578de8c3ab  2008.0/SRPMS/pcre-7.3-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 45e7f158494fe2f9cd2b3be3dc4f9c30  2008.1/i586/libpcre0-7.6-2.1mdv2008.1.i586.rpm
 64a7ebd228c824f0eeabfc1de2f3af8f  2008.1/i586/libpcre-devel-7.6-2.1mdv2008.1.i586.rpm
 0637ebeb63a52ff1c6675e6a185aed54  2008.1/i586/pcre-7.6-2.1mdv2008.1.i586.rpm 
 aa16262a74bf569d8184328334bb480c  2008.1/SRPMS/pcre-7.6-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 4180d16683a363b7d912bd9af780e4fc  2008.1/x86_64/lib64pcre0-7.6-2.1mdv2008.1.x86_64.rpm
 5cc4e7a0297942f840c000d52b44e93a  2008.1/x86_64/lib64pcre-devel-7.6-2.1mdv2008.1.x86_64.rpm
 70251c4bcaf5847c0c4ff6e534bc30cf  2008.1/x86_64/pcre-7.6-2.1mdv2008.1.x86_64.rpm 
 aa16262a74bf569d8184328334bb480c  2008.1/SRPMS/pcre-7.6-2.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIfXGJmqjQ0CJFipgRAs2wAKCXtpSXuT5R1ykcw2vssAlx4yqroACg50Cj
dkdyyca6+h6yUMN/1/J4f4Q=
=lc00
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability security (Jul 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]