---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: pcre security update
Advisory ID:       RHSA-2005:761-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-761.html
Issue date:        2005-09-08
Updated on:        2005-09-08
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2491
---------------------------------------------------------------------
1. Summary:
Updated pcre packages are now available to correct a security issue.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
PCRE is a Perl-compatible regular expression library.
An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2491 to this issue.
The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain 'apache' privileges. For applications supplied with Red Hat Enterprise Linux, a maximum security impact of moderate has been assigned.
Users should update to these erratum packages that contain a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
After updating you will need to restart all services that use the system PCRE library. This can be done manually or by rebooting your system.
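One way to check which services still need that restart, as an added example that is not part of the Red Hat advisory: a process started before the upgrade keeps the replaced library mapped, and the kernel shows that mapping in /proc/<pid>/maps with a trailing "(deleted)". The function names, the optional proc-root parameter and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: find processes that still map the
# pre-update PCRE library and therefore still need a restart.

# stale_pcre_pids [PROC_ROOT] -> prints "PID NAME", one process per line.
# PROC_ROOT (hypothetical parameter) defaults to /proc; it exists so the
# function can be run against a constructed tree.
stale_pcre_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A replaced shared object stays mapped and is shown with a
        # trailing "(deleted)". Match libpcre and libpcreposix only.
        if grep -Eq '/libpcre(posix)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null | head -n 1)
            printf '%s %s\n' "$pid" "${name:-unknown}"
        fi
    done
}

# Constructed sample tree (not real system data):
#   101 httpd  - started before the update, still maps the old library
#   202 httpd  - restarted, maps the new library
#   303 crond  - maps an unrelated deleted file, does not use PCRE
make_sample_proc() {
    root=$1
    mkdir -p "$root/101" "$root/202" "$root/303"
    printf 'Name:\thttpd\n' > "$root/101/status"
    printf 'Name:\thttpd\n' > "$root/202/status"
    printf 'Name:\tcrond\n' > "$root/303/status"
    echo '00a1c000-00a2f000 r-xp 00000000 03:02 41237 /lib/libpcre.so.0.0.1 (deleted)' > "$root/101/maps"
    echo '00b4d000-00b60000 r-xp 00000000 03:02 41990 /lib/libpcre.so.0.0.1' > "$root/202/maps"
    echo '00c00000-00c01000 rw-s 00000000 03:02 52001 /tmp/scratch.dat (deleted)' > "$root/303/maps"
}

# Demo on the constructed tree; on a real host call stale_pcre_pids with
# no argument, as root so that every process's maps file is readable.
demo_root=$(mktemp -d)
make_sample_proc "$demo_root"
stale_pcre_pids "$demo_root"
rm -rf "$demo_root"
```

Restart each listed service and run the check again; an empty result means no running process still maps the old library.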
5. Bug IDs fixed (http://bugzilla.redhat.com/):
166330 - CAN-2005-2491 PCRE heap overflow
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.