Red Hat Product Errata RHSA-2007:0968 - Security Advisory
Issued:
2007-11-05
Updated:
2007-11-05

RHSA-2007:0968 - Security Advisory

Synopsis

Critical: pcre security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated pcre packages that correct two security flaws are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

  • BZ - 315881 - CVE-2007-1660 pcre regular expression flaws

Red Hat Enterprise Linux Server 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-4.5-4.el4_5.1.x86_64.rpm SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
pcre-devel-4.5-4.el4_5.1.x86_64.rpm SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
ia64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.ia64.rpm SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-4.5-4.el4_5.1.ia64.rpm SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-devel-4.5-4.el4_5.1.ia64.rpm SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
pcre-devel-4.5-4.el4_5.1.ia64.rpm SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
i386
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448
pcre-devel-4.5-4.el4_5.1.i386.rpm SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-4.5-4.el4_5.1.x86_64.rpm SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
pcre-devel-4.5-4.el4_5.1.x86_64.rpm SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
ia64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.ia64.rpm SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-4.5-4.el4_5.1.ia64.rpm SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-devel-4.5-4.el4_5.1.ia64.rpm SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
pcre-devel-4.5-4.el4_5.1.ia64.rpm SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
i386
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448
pcre-devel-4.5-4.el4_5.1.i386.rpm SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux Workstation 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
ia64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.ia64.rpm SHA-256: 5191feb6f8dd9a74f083fb3eba993d8e1ba960bf2ed0c4f0ab0147b8bf9ca948
pcre-devel-4.5-4.el4_5.1.ia64.rpm SHA-256: 66f35a02a2f391d62e50c13ce36cc54e57e96485cb0801816d2312e682a6fb8a
i386
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux Desktop 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
x86_64
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-4.5-4.el4_5.1.x86_64.rpm SHA-256: e48684c70f1aefee62a5196b0068aeaccc224472cfec3ce7f43cb3e57c5b5e68
pcre-devel-4.5-4.el4_5.1.x86_64.rpm SHA-256: a72f93138cf6c90a7238f9e172851252800fd3d7f7b533d0dc9493164f0afdd9
i386
pcre-4.5-4.el4_5.1.i386.rpm SHA-256: 7b4b6982534fb2258b850a6fbe76344debfb205ce60fea5916208b4e4facba56
pcre-devel-4.5-4.el4_5.1.i386.rpm SHA-256: 72311276cf8420ebe37a5c086fdfea28841cd961c59f1d72a4ff5fd360982448

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
s390x
pcre-4.5-4.el4_5.1.s390.rpm SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-4.5-4.el4_5.1.s390x.rpm SHA-256: 8abb3b7cc5a233533a35cd5701b777a551343aaec08389e128838b4b67981797
pcre-devel-4.5-4.el4_5.1.s390x.rpm SHA-256: 59c517b6a981f653e6cf6760781834ff64dc0f2e3158d30662b2d16cb83b33fe
s390
pcre-4.5-4.el4_5.1.s390.rpm SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-devel-4.5-4.el4_5.1.s390.rpm SHA-256: 3aabadad77f645cd5ca8fe1833ce4f9a7e8c6de23b50545f3aa72a9ab4b69623

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
s390x
pcre-4.5-4.el4_5.1.s390.rpm SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-4.5-4.el4_5.1.s390x.rpm SHA-256: 8abb3b7cc5a233533a35cd5701b777a551343aaec08389e128838b4b67981797
pcre-devel-4.5-4.el4_5.1.s390x.rpm SHA-256: 59c517b6a981f653e6cf6760781834ff64dc0f2e3158d30662b2d16cb83b33fe
s390
pcre-4.5-4.el4_5.1.s390.rpm SHA-256: bddefbfb9b6d683b5afabac7d7ace0f983086a5fc82d2e937b5a2d78ed78fe4d
pcre-devel-4.5-4.el4_5.1.s390.rpm SHA-256: 3aabadad77f645cd5ca8fe1833ce4f9a7e8c6de23b50545f3aa72a9ab4b69623

Red Hat Enterprise Linux for Power, big endian 4

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
ppc
pcre-4.5-4.el4_5.1.ppc.rpm SHA-256: b7817d07e0c2a556e4d41ec2ac60b6bf465e7bfff8e8a4f8773c412f796bd2b2
pcre-4.5-4.el4_5.1.ppc64.rpm SHA-256: 84c441a40528684e9f8e75ac6f8bc78e5b5a145dd04decabfba8b890b5c49a52
pcre-devel-4.5-4.el4_5.1.ppc.rpm SHA-256: e444b8486b1446ebf8691a0de697162b44e9a821a769ae5f1668af4c4444ca2b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
pcre-4.5-4.el4_5.1.src.rpm SHA-256: 9b42c437b5b7fcfe43aef04068253aa71e393221375823a8b0b0c49cafc2d4f4
ppc
pcre-4.5-4.el4_5.1.ppc.rpm SHA-256: b7817d07e0c2a556e4d41ec2ac60b6bf465e7bfff8e8a4f8773c412f796bd2b2
pcre-4.5-4.el4_5.1.ppc64.rpm SHA-256: 84c441a40528684e9f8e75ac6f8bc78e5b5a145dd04decabfba8b890b5c49a52
pcre-devel-4.5-4.el4_5.1.ppc.rpm SHA-256: e444b8486b1446ebf8691a0de697162b44e9a821a769ae5f1668af4c4444ca2b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.