Red Hat Product Errata RHSA-2007:0968 - Security Advisory

Issued:: 2007-11-05
Updated:: 2007-11-05

RHSA-2007:0968 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: pcre security update

Type/Severity

Security Advisory: Critical

Topic

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 315881 - CVE-2007-1660 pcre regular expression flaws

CVEs

CVE-2007-1660

References

http://www.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm	SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-4.5-4.el4_5.1.x86_64.rpm	SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm	SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
pcre-devel-4.5-4.el4_5.1.x86_64.rpm	SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
ia64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.ia64.rpm	SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-4.5-4.el4_5.1.ia64.rpm	SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-devel-4.5-4.el4_5.1.ia64.rpm	SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
pcre-devel-4.5-4.el4_5.1.ia64.rpm	SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
i386
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm	SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448
pcre-devel-4.5-4.el4_5.1.i386.rpm	SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm	SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-4.5-4.el4_5.1.x86_64.rpm	SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm	SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
pcre-devel-4.5-4.el4_5.1.x86_64.rpm	SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
ia64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.ia64.rpm	SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-4.5-4.el4_5.1.ia64.rpm	SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-devel-4.5-4.el4_5.1.ia64.rpm	SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
pcre-devel-4.5-4.el4_5.1.ia64.rpm	SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
i386
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm	SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448
pcre-devel-4.5-4.el4_5.1.i386.rpm	SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux Workstation 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm	SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm	SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
ia64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.ia64.rpm	SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-devel-4.5-4.el4_5.1.ia64.rpm	SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
i386
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm	SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux Desktop 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm	SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm	SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
i386
pcre-4.5-4.el4_5.1.i386.rpm	SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm	SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
s390x
pcre-4.5-4.el4_5.1.s390.rpm	SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-4.5-4.el4_5.1.s390x.rpm	SHA-256: 8abb3b7cc5a233533a35cd5701b777a551343aaec08389e128838b4b67981797
pcre-devel-4.5-4.el4_5.1.s390x.rpm	SHA-256: 59c517b6a981f653e6cf6760781834ff64dc0f2e3158d30662b2d16cb83b33fe
s390
pcre-4.5-4.el4_5.1.s390.rpm	SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-devel-4.5-4.el4_5.1.s390.rpm	SHA-256: 3aabadad77f645cd5ca8fe1833ce4f9a7e8c6de23b50545f3aa72a9ab4b69623

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
s390x
pcre-4.5-4.el4_5.1.s390.rpm	SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-4.5-4.el4_5.1.s390x.rpm	SHA-256: 8abb3b7cc5a233533a35cd5701b777a551343aaec08389e128838b4b67981797
pcre-devel-4.5-4.el4_5.1.s390x.rpm	SHA-256: 59c517b6a981f653e6cf6760781834ff64dc0f2e3158d30662b2d16cb83b33fe
s390
pcre-4.5-4.el4_5.1.s390.rpm	SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-devel-4.5-4.el4_5.1.s390.rpm	SHA-256: 3aabadad77f645cd5ca8fe1833ce4f9a7e8c6de23b50545f3aa72a9ab4b69623

Red Hat Enterprise Linux for Power, big endian 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
ppc
pcre-4.5-4.el4_5.1.ppc.rpm	SHA-256: b7817d07e0c2a556e4d41ec2ac60b6bf465e7bfff8e8a4f8773c412f796bd2b2
pcre-4.5-4.el4_5.1.ppc64.rpm	SHA-256: 84c441a40528684e9f8e75ac6f8bc78e5b5a145dd04decabfba8b890b5c49a52
pcre-devel-4.5-4.el4_5.1.ppc.rpm	SHA-256: e444b8486b1446ebf8691a0de697162b44e9a821a769ae5f1668af4c4444ca2b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
pcre-4.5-4.el4_5.1.src.rpm	SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
ppc
pcre-4.5-4.el4_5.1.ppc.rpm	SHA-256: b7817d07e0c2a556e4d41ec2ac60b6bf465e7bfff8e8a4f8773c412f796bd2b2
pcre-4.5-4.el4_5.1.ppc64.rpm	SHA-256: 84c441a40528684e9f8e75ac6f8bc78e5b5a145dd04decabfba8b890b5c49a52
pcre-devel-4.5-4.el4_5.1.ppc.rpm	SHA-256: e444b8486b1446ebf8691a0de697162b44e9a821a769ae5f1668af4c4444ca2b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories