Red Hat Product Errata RHSA-2007:0967 - Security Advisory
Issued:
2007-11-05
Updated:
2007-11-05

RHSA-2007:0967 - Security Advisory

Synopsis

Critical: pcre security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 315871 - CVE-2007-1659 pcre regular expression flaws
  • BZ - 315881 - CVE-2007-1660 pcre regular expression flaws

Red Hat Enterprise Linux Server 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
pcre-devel-6.6-2.el5_0.1.i386.rpm SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a
pcre-devel-6.6-2.el5_0.1.x86_64.rpm SHA-256: 2428986d8a9984e7550b547eade2037f1c78de9306452b57f199237f5ebb2937
ia64
pcre-6.6-2.el5_0.1.ia64.rpm SHA-256: e8b7869a6707e88acf44564453f52531145b43d95c43b14458d1726e060da9ed
pcre-devel-6.6-2.el5_0.1.ia64.rpm SHA-256: f5cf42dfd43a4235525c54ed72b51db6705b98443db4b7a52f71fadc3269c3cf
i386
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-devel-6.6-2.el5_0.1.i386.rpm SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a

Red Hat Enterprise Linux Workstation 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
pcre-devel-6.6-2.el5_0.1.i386.rpm SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a
pcre-devel-6.6-2.el5_0.1.x86_64.rpm SHA-256: 2428986d8a9984e7550b547eade2037f1c78de9306452b57f199237f5ebb2937
i386
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-devel-6.6-2.el5_0.1.i386.rpm SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a

Red Hat Enterprise Linux Desktop 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
i386
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
s390x
pcre-6.6-2.el5_0.1.s390.rpm SHA-256: 72c125853787a1911ff5f03bc9d45196418c9d1232979ea263a3e223b998e827
pcre-6.6-2.el5_0.1.s390x.rpm SHA-256: 628192ceba1011db14fc21b81b08a318e8e0f09063807984bc937e8f274f0b42
pcre-devel-6.6-2.el5_0.1.s390.rpm SHA-256: f62638c0f67c01f120db9482fe9e27ea84f07f05d521fc0e7e0284ae972a7947
pcre-devel-6.6-2.el5_0.1.s390x.rpm SHA-256: d88d8872f76bb41fb3afb48c388cc669a2c6897f85bf9cdb3791055177935abd

Red Hat Enterprise Linux for Power, big endian 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
ppc
pcre-6.6-2.el5_0.1.ppc.rpm SHA-256: 07655fade2699ad6396e9c11f2f30efb3442742b5ac66f30ca5c6950be9195bd
pcre-6.6-2.el5_0.1.ppc64.rpm SHA-256: 1cd6c711aed0996928f7f55064a8fdcfddded152139f9afb7d1b13ae2b307003
pcre-devel-6.6-2.el5_0.1.ppc.rpm SHA-256: c26e00604a334a2f5fd0f285487847e4a0923f85c032957d05ad9a8ac71b2e67
pcre-devel-6.6-2.el5_0.1.ppc64.rpm SHA-256: 4c1eb39ce25b33e9c3504735784636dc6d042003edfe93679ab07cb16c4f2611

Red Hat Enterprise Linux Server from RHUI 5

SRPM
pcre-6.6-2.el5_0.1.src.rpm SHA-256: 0d6ede5f2b7046a7a7880ba0f5f1840363d198e05bd38c0541707deb57e64939
x86_64
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-6.6-2.el5_0.1.x86_64.rpm SHA-256: 3bf69d5bc52ea9d18d41d4dc499a10ba7ae13cfc9e1ba5da22f7d5f9bf8db478
pcre-devel-6.6-2.el5_0.1.i386.rpm SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a
pcre-devel-6.6-2.el5_0.1.x86_64.rpm SHA-256: 2428986d8a9984e7550b547eade2037f1c78de9306452b57f199237f5ebb2937
i386
pcre-6.6-2.el5_0.1.i386.rpm SHA-256: b4b139f1288107fce09fe9258e67227566d19c4740e75f5d2d90fef0fb17ad31
pcre-devel-6.6-2.el5_0.1.i386.rpm SHA-256: 060b538f71f37086dc00a3cac919d070bdd5f733424eab27231f241c92d1fc7a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.