Red Hat Product Errata RHSA-2007:0967 - Security Advisory

Issued:: 2007-11-05
Updated:: 2007-11-05

RHSA-2007:0967 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: pcre security update

Type/Severity

Security Advisory: Critical

Topic

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 315871 - CVE-2007-1659 pcre regular expression flaws
BZ - 315881 - CVE-2007-1660 pcre regular expression flaws

CVEs

References

http://www.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm	SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
pcre-devel-6.6-2.el5_0.1.i386.rpm	SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a
pcre-devel-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 2428986d8a9984e7550b547eade2037f1c78de9306452b57f199237f5ebb2937
ia64
pcre-6.6-2.el5_0.1.ia64.rpm	SHA-256: e8b7869a6707e88acf44564453f52531145b43d95c43b14458d1726e060da9ed
pcre-devel-6.6-2.el5_0.1.ia64.rpm	SHA-256: f5cf42dfd43a4235525c54ed72b51db6705b98443db4b7a52f71fadc3269c3cf
i386
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-devel-6.6-2.el5_0.1.i386.rpm	SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a

Red Hat Enterprise Linux Workstation 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm	SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
pcre-devel-6.6-2.el5_0.1.i386.rpm	SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a
pcre-devel-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 2428986d8a9984e7550b547eade2037f1c78de9306452b57f199237f5ebb2937
i386
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-devel-6.6-2.el5_0.1.i386.rpm	SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a

Red Hat Enterprise Linux Desktop 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm	SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
i386
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm	SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
s390x
pcre-6.6-2.el5_0.1.s390.rpm	SHA-256: 72c125853787a1911ff5f03bc9d45196418c9d1232979ea263a3e223b998e827
pcre-6.6-2.el5_0.1.s390x.rpm	SHA-256: 628192ceba1011db14fc21b81b08a318e8e0f09063807984bc937e8f274f0b42
pcre-devel-6.6-2.el5_0.1.s390.rpm	SHA-256: f62638c0f67c01f120db9482fe9e27ea84f07f05d521fc0e7e0284ae972a7947
pcre-devel-6.6-2.el5_0.1.s390x.rpm	SHA-256: d88d8872f76bb41fb3afb48c388cc669a2c6897f85bf9cdb3791055177935abd

Red Hat Enterprise Linux for Power, big endian 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm	SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
ppc
pcre-6.6-2.el5_0.1.ppc.rpm	SHA-256: 07655fade2699ad6396e9c11f2f30efb3442742b5ac66f30ca5c6950be9195bd
pcre-6.6-2.el5_0.1.ppc64.rpm	SHA-256: 1cd6c711aed0996928f7f55064a8fdcfddded152139f9afb7d1b13ae2b307003
pcre-devel-6.6-2.el5_0.1.ppc.rpm	SHA-256: c26e00604a334a2f5fd0f285487847e4a0923f85c032957d05ad9a8ac71b2e67
pcre-devel-6.6-2.el5_0.1.ppc64.rpm	SHA-256: 4c1eb39ce25b33e9c3504735784636dc6d042003edfe93679ab07cb16c4f2611

Red Hat Enterprise Linux Server from RHUI 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm	SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
pcre-devel-6.6-2.el5_0.1.i386.rpm	SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a
pcre-devel-6.6-2.el5_0.1.x86_64.rpm	SHA-256: 2428986d8a9984e7550b547eade2037f1c78de9306452b57f199237f5ebb2937
i386
pcre-6.6-2.el5_0.1.i386.rpm	SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-devel-6.6-2.el5_0.1.i386.rpm	SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories