[RHSA-2005:761-02] Moderate: pcre security update

bugzilla at redhat.com
Thu Sep 8 17:27:19 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: pcre security update
Advisory ID:       RHSA-2005:761-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-761.html
Issue date:        2005-09-08
Updated on:        2005-09-08
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2491
- ---------------------------------------------------------------------

1. Summary:

Updated pcre packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

An integer overflow flaw was found in PCRE, triggered by a maliciously
crafted regular expression.  On systems that accept arbitrary regular
expressions from untrusted users, this could be exploited to execute
arbitrary code with the privileges of the application using the library.
The Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2491 to this issue.

The security impact of this issue varies depending on the way that
applications make use of PCRE.  For example, the Apache web server uses the
system PCRE library in order to parse regular expressions, but this flaw
would only allow a user who already has the ability to write .htaccess
files to gain 'apache' privileges.  For applications supplied with Red Hat
Enterprise Linux, a maximum security impact of moderate has been assigned.

Users should update to these erratum packages, which contain a backported
patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After updating you will need to restart all services that use the system
PCRE library.  This can be done manually or by rebooting your system.
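
One way to find the services that still need that restart, as an added
example (not part of the Red Hat advisory): a process started before the
update keeps the old, now-unlinked library mapped. The function name and
the optional proc-root argument are assumptions of this sketch, as is the
"(deleted)" suffix Linux shows in /proc/<pid>/maps for a replaced file.

```shell
#!/bin/sh
# Added example: list processes that still map a libpcre file that has
# been replaced on disk, i.e. services that have not been restarted
# since the pcre update and are still running the old code.
#
# stale_pcre_procs [PROC_ROOT]
#   PROC_ROOT defaults to /proc; the argument exists only so the scan
#   can be pointed at a constructed test tree (assumption of this sketch).
#   Prints one "PID NAME" line per affected process, sorted by PID.
stale_pcre_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we may not read (run as root for full coverage)
        # and the unexpanded glob when nothing matches.
        [ -r "$maps" ] || continue
        # A library replaced by the package manager stays mapped from
        # its old inode and is listed with a trailing " (deleted)".
        # The pattern also covers libpcreposix from the same package.
        grep -q 'libpcre[^ ]*\.so[^ ]* (deleted)$' "$maps" 2>/dev/null \
            || continue
        dir="${maps%/maps}"
        # The process name comes from the "Name:" line of status.
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) \
            || name=
        echo "${dir##*/} ${name:-unknown}"
    done | sort -n
}

# Report on the live system (or on $PROC_ROOT if set).
stale_pcre_procs "${PROC_ROOT:-/proc}"
```

An empty result after the update means no readable process is still
using the old library; any process listed should be restarted.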

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166330 - CAN-2005-2491 PCRE heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/pcre-3.4-2.2.src.rpm
2fe96f7440e58dd2bf4a55ee451f3d39  pcre-3.4-2.2.src.rpm

i386:
12129fa5f54f8f5916ede338b189aa0a  pcre-3.4-2.2.i386.rpm
d07c334a30b6d2294b3976f49e593e03  pcre-devel-3.4-2.2.i386.rpm

ia64:
ea95b853cc42dd45b659010847effd65  pcre-3.4-2.2.ia64.rpm
1fd6f118be4f11bf61246d81a071a9bb  pcre-devel-3.4-2.2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/pcre-3.4-2.2.src.rpm
2fe96f7440e58dd2bf4a55ee451f3d39  pcre-3.4-2.2.src.rpm

ia64:
ea95b853cc42dd45b659010847effd65  pcre-3.4-2.2.ia64.rpm
1fd6f118be4f11bf61246d81a071a9bb  pcre-devel-3.4-2.2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/pcre-3.4-2.2.src.rpm
2fe96f7440e58dd2bf4a55ee451f3d39  pcre-3.4-2.2.src.rpm

i386:
12129fa5f54f8f5916ede338b189aa0a  pcre-3.4-2.2.i386.rpm
d07c334a30b6d2294b3976f49e593e03  pcre-devel-3.4-2.2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/pcre-3.4-2.2.src.rpm
2fe96f7440e58dd2bf4a55ee451f3d39  pcre-3.4-2.2.src.rpm

i386:
12129fa5f54f8f5916ede338b189aa0a  pcre-3.4-2.2.i386.rpm
d07c334a30b6d2294b3976f49e593e03  pcre-devel-3.4-2.2.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/pcre-3.9-10.2.src.rpm
587ab1e44061fafb3a4a29d4533d6c0a  pcre-3.9-10.2.src.rpm

i386:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
769958cd03a22d82e79008f292b3fdb3  pcre-devel-3.9-10.2.i386.rpm

ia64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
0c974951ac22c79bd637af7248529a0f  pcre-3.9-10.2.ia64.rpm
7a42e3ae5f7881a5217542c8d440e17b  pcre-devel-3.9-10.2.ia64.rpm

ppc:
7eaf9c1a30bbbf85e96e1d5046dfd12a  pcre-3.9-10.2.ppc.rpm
d154acf6a5e613905022b273395784e1  pcre-3.9-10.2.ppc64.rpm
542c1342632c67fc040f42ba8cd0a9d6  pcre-devel-3.9-10.2.ppc.rpm

s390:
6708bc5e0b5965151c2e5c6b92c3c184  pcre-3.9-10.2.s390.rpm
f3f58299cd1652392a2ba82d5cf9e1c9  pcre-devel-3.9-10.2.s390.rpm

s390x:
6708bc5e0b5965151c2e5c6b92c3c184  pcre-3.9-10.2.s390.rpm
84626e37f2d5a1015f9c81d4cb908cd9  pcre-3.9-10.2.s390x.rpm
9a31dd113f2aa99d979881881cb1fc82  pcre-devel-3.9-10.2.s390x.rpm

x86_64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
635232acaa561ea9a5c649ef98ea209b  pcre-3.9-10.2.x86_64.rpm
eda6e9d9752e1224cb31f645d34fd938  pcre-devel-3.9-10.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/pcre-3.9-10.2.src.rpm
587ab1e44061fafb3a4a29d4533d6c0a  pcre-3.9-10.2.src.rpm

i386:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
769958cd03a22d82e79008f292b3fdb3  pcre-devel-3.9-10.2.i386.rpm

x86_64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
635232acaa561ea9a5c649ef98ea209b  pcre-3.9-10.2.x86_64.rpm
eda6e9d9752e1224cb31f645d34fd938  pcre-devel-3.9-10.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/pcre-3.9-10.2.src.rpm
587ab1e44061fafb3a4a29d4533d6c0a  pcre-3.9-10.2.src.rpm

i386:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
769958cd03a22d82e79008f292b3fdb3  pcre-devel-3.9-10.2.i386.rpm

ia64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
0c974951ac22c79bd637af7248529a0f  pcre-3.9-10.2.ia64.rpm
7a42e3ae5f7881a5217542c8d440e17b  pcre-devel-3.9-10.2.ia64.rpm

x86_64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
635232acaa561ea9a5c649ef98ea209b  pcre-3.9-10.2.x86_64.rpm
eda6e9d9752e1224cb31f645d34fd938  pcre-devel-3.9-10.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/pcre-3.9-10.2.src.rpm
587ab1e44061fafb3a4a29d4533d6c0a  pcre-3.9-10.2.src.rpm

i386:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
769958cd03a22d82e79008f292b3fdb3  pcre-devel-3.9-10.2.i386.rpm

ia64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
0c974951ac22c79bd637af7248529a0f  pcre-3.9-10.2.ia64.rpm
7a42e3ae5f7881a5217542c8d440e17b  pcre-devel-3.9-10.2.ia64.rpm

x86_64:
4c02dbc359435be8b00ebbce44031675  pcre-3.9-10.2.i386.rpm
635232acaa561ea9a5c649ef98ea209b  pcre-3.9-10.2.x86_64.rpm
eda6e9d9752e1224cb31f645d34fd938  pcre-devel-3.9-10.2.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm
e3f1d831c654c609a1152cc40fcbd61b  pcre-4.5-3.2.RHEL4.src.rpm

i386:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
48c6ab5365b9b18b7de7715870ab33a0  pcre-devel-4.5-3.2.RHEL4.i386.rpm

ia64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
a30a41d023dd1ef8352ce192aeb06789  pcre-4.5-3.2.RHEL4.ia64.rpm
eb0d0b13edae2486a16062f28538f5b2  pcre-devel-4.5-3.2.RHEL4.ia64.rpm

ppc:
896951b63b6db04f6a18c7959ed3f3fe  pcre-4.5-3.2.RHEL4.ppc.rpm
64279f3c3032512a532ecd7305ea9c42  pcre-4.5-3.2.RHEL4.ppc64.rpm
a860dc1420d25e2b8456162456fcedca  pcre-devel-4.5-3.2.RHEL4.ppc.rpm

s390:
c1042264456245cfac1d3c4d74adee8c  pcre-4.5-3.2.RHEL4.s390.rpm
e6751b4459b644bd5d5a8716e6fdccca  pcre-devel-4.5-3.2.RHEL4.s390.rpm

s390x:
c1042264456245cfac1d3c4d74adee8c  pcre-4.5-3.2.RHEL4.s390.rpm
22ed73d94c926516b399015c9d558b8e  pcre-4.5-3.2.RHEL4.s390x.rpm
dec668e2b159953d3203edea4422da7f  pcre-devel-4.5-3.2.RHEL4.s390x.rpm

x86_64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
36eca0a2d4ef427e414997c60f569929  pcre-4.5-3.2.RHEL4.x86_64.rpm
7b63529fa847ae87ede25d1ef9880743  pcre-devel-4.5-3.2.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm
e3f1d831c654c609a1152cc40fcbd61b  pcre-4.5-3.2.RHEL4.src.rpm

i386:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
48c6ab5365b9b18b7de7715870ab33a0  pcre-devel-4.5-3.2.RHEL4.i386.rpm

x86_64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
36eca0a2d4ef427e414997c60f569929  pcre-4.5-3.2.RHEL4.x86_64.rpm
7b63529fa847ae87ede25d1ef9880743  pcre-devel-4.5-3.2.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm
e3f1d831c654c609a1152cc40fcbd61b  pcre-4.5-3.2.RHEL4.src.rpm

i386:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
48c6ab5365b9b18b7de7715870ab33a0  pcre-devel-4.5-3.2.RHEL4.i386.rpm

ia64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
a30a41d023dd1ef8352ce192aeb06789  pcre-4.5-3.2.RHEL4.ia64.rpm
eb0d0b13edae2486a16062f28538f5b2  pcre-devel-4.5-3.2.RHEL4.ia64.rpm

x86_64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
36eca0a2d4ef427e414997c60f569929  pcre-4.5-3.2.RHEL4.x86_64.rpm
7b63529fa847ae87ede25d1ef9880743  pcre-devel-4.5-3.2.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm
e3f1d831c654c609a1152cc40fcbd61b  pcre-4.5-3.2.RHEL4.src.rpm

i386:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
48c6ab5365b9b18b7de7715870ab33a0  pcre-devel-4.5-3.2.RHEL4.i386.rpm

ia64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
a30a41d023dd1ef8352ce192aeb06789  pcre-4.5-3.2.RHEL4.ia64.rpm
eb0d0b13edae2486a16062f28538f5b2  pcre-devel-4.5-3.2.RHEL4.ia64.rpm

x86_64:
7f0b9db34077e394a3c185d965311d98  pcre-4.5-3.2.RHEL4.i386.rpm
36eca0a2d4ef427e414997c60f569929  pcre-4.5-3.2.RHEL4.x86_64.rpm
7b63529fa847ae87ede25d1ef9880743  pcre-devel-4.5-3.2.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDIHRrXlSAg2UNWIIRArAQAJ99/fPSZMdJU9r5f1cZgA3VWgmD1QCfVTF6
fdV4gKlgJeqbjzZE5hEr4XM=
=aGJg
-----END PGP SIGNATURE-----





More information about the Enterprise-watch-list mailing list