Issued:: 2005-09-08
Updated:: 2005-09-08

RHSA-2005:761 - Security Advisory

Overview
Updated Packages

Synopsis

pcre security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated pcre packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team

Description

PCRE is a Perl-compatible regular expression library.

An integer overflow flaw was found in PCRE, triggered by a maliciously
crafted regular expression. On systems that accept arbitrary regular
expressions from untrusted users, this could be exploited to execute
arbitrary code with the privileges of the application using the library.
The Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2491 to this issue.

The security impact of this issue varies depending on the way that
applications make use of PCRE. For example, the Apache web server uses the
system PCRE library in order to parse regular expressions, but this flaw
would only allow a user who already has the ability to write .htaccess
files to gain 'apache' privileges. For applications supplied with Red Hat
Enterprise Linux, a maximum security impact of moderate has been assigned.

Users should update to these erratum packages that contain a backported
patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After updating you will need to restart all services that use the system
PCRE library. This can be done manually or by rebooting your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 166330 - CAN-2005-2491 PCRE heap overflow

CVEs

CVE-2005-2491

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 128bde0d0f8d25a9cddd4044dc98f9cfe973ea9f6c3b6e543fb64bc805ade949
pcre-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 128bde0d0f8d25a9cddd4044dc98f9cfe973ea9f6c3b6e543fb64bc805ade949
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 914e7f5eeb57592d459942dc81554a18ab333bfc156d4118eae77c68dd4b9192
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 914e7f5eeb57592d459942dc81554a18ab333bfc156d4118eae77c68dd4b9192
ia64
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.ia64.rpm	SHA-256: 565ac38033385e4ea4b8e713dcd42cce9bfdb4b48de77aec64691f7d331845cd
pcre-4.5-3.2.RHEL4.ia64.rpm	SHA-256: 565ac38033385e4ea4b8e713dcd42cce9bfdb4b48de77aec64691f7d331845cd
pcre-devel-4.5-3.2.RHEL4.ia64.rpm	SHA-256: b93c120bd6967eee0672f059ecc6974111e59ccb5c65946461f4839c43a34cdb
pcre-devel-4.5-3.2.RHEL4.ia64.rpm	SHA-256: b93c120bd6967eee0672f059ecc6974111e59ccb5c65946461f4839c43a34cdb
i386
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-devel-4.5-3.2.RHEL4.i386.rpm	SHA-256: 833834913b20644cffb3cf257f02113819092084a83a09ada017f873fc3b6bec
pcre-devel-4.5-3.2.RHEL4.i386.rpm	SHA-256: 833834913b20644cffb3cf257f02113819092084a83a09ada017f873fc3b6bec

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 128bde0d0f8d25a9cddd4044dc98f9cfe973ea9f6c3b6e543fb64bc805ade949
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 914e7f5eeb57592d459942dc81554a18ab333bfc156d4118eae77c68dd4b9192
ia64
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.ia64.rpm	SHA-256: 565ac38033385e4ea4b8e713dcd42cce9bfdb4b48de77aec64691f7d331845cd
pcre-devel-4.5-3.2.RHEL4.ia64.rpm	SHA-256: b93c120bd6967eee0672f059ecc6974111e59ccb5c65946461f4839c43a34cdb
i386
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-devel-4.5-3.2.RHEL4.i386.rpm	SHA-256: 833834913b20644cffb3cf257f02113819092084a83a09ada017f873fc3b6bec

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 128bde0d0f8d25a9cddd4044dc98f9cfe973ea9f6c3b6e543fb64bc805ade949
pcre-devel-4.5-3.2.RHEL4.x86_64.rpm	SHA-256: 914e7f5eeb57592d459942dc81554a18ab333bfc156d4118eae77c68dd4b9192
i386
pcre-4.5-3.2.RHEL4.i386.rpm	SHA-256: c7fed2ca08a7e7ba49c13c388b6cbe32f8d03822e59dff585da4e81c556588ff
pcre-devel-4.5-3.2.RHEL4.i386.rpm	SHA-256: 833834913b20644cffb3cf257f02113819092084a83a09ada017f873fc3b6bec

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
pcre-4.5-3.2.RHEL4.s390.rpm	SHA-256: 7a57a199eb0cc9ac2045ec33337dbe4fca9e0231399ac2c17236cb56ef3fecc9
pcre-4.5-3.2.RHEL4.s390x.rpm	SHA-256: b356f1818b0123e89620b21c30e14c7e60c43beacac5cf41128e471a955fb4eb
pcre-devel-4.5-3.2.RHEL4.s390x.rpm	SHA-256: c1eef8e0184805aa7b9e526c66b0706e65c36d71ff8b04bc9bd436dc4583f5fe
s390
pcre-4.5-3.2.RHEL4.s390.rpm	SHA-256: 7a57a199eb0cc9ac2045ec33337dbe4fca9e0231399ac2c17236cb56ef3fecc9
pcre-devel-4.5-3.2.RHEL4.s390.rpm	SHA-256: 683ba463850a4531747bbfe5b0bfe322c446f62646a15c66aecc4e7980468e64

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
pcre-4.5-3.2.RHEL4.ppc.rpm	SHA-256: 83c5e774337e9c2e7e6b64bb317e18fe5d82134a33bb97102276de705506c81a
pcre-4.5-3.2.RHEL4.ppc64.rpm	SHA-256: 1244bf6a81a951c599d31592d7fb8edbe27b8f08fe158f9d009931655b2c4949
pcre-devel-4.5-3.2.RHEL4.ppc.rpm	SHA-256: f51f54e79ecf1a0869e530f80deebc1cd8667e47e10f13ad85c462fce819532d

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation