Issued:: 2007-11-09
Updated:: 2007-11-15

RHSA-2007:1052 - Security Advisory

Overview
Updated Packages

Synopsis

Important: pcre security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated pcre packages that correct security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

[Updated 15 November 2007]
Further analysis of these flaws in PCRE has led to the single CVE
identifier CVE-2006-7224 being split into three separate identifiers and a
re-analysis of the risk of each of the flaws. We are therefore updating
the text of this advisory to use the correct CVE names for the two flaws
fixed by these erratum packages, and downgrading the security impact of
this advisory from critical to important. No changes have been made to the
packages themselves.

Description

PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2005-4872, CVE-2006-7227)

Users of PCRE are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 383341 - CVE-2006-7227 pcre integer overflow
BZ - 383361 - CVE-2005-4872 pcre incorrect memory requirement computation

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
pcre-6.6-2.el5_1.1.src.rpm	SHA-256: 21f10a2c4829fe74fca7eeecaf39f841875aef28262269ba6f5af077d26c362d
x86_64
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 3b523cdd10a49680733b9606a04c7b3b0cdec647e798e6af81b4bf93aa0d2c02
pcre-devel-6.6-2.el5_1.1.i386.rpm	SHA-256: fff79512cc28e5e05b7018cd6b3d2d49c3af65c7762160169e1d8ebf7b42e132
pcre-devel-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 185ecc061011f6dd4279320549281a900a050b1172352c19422778ed05b3109f
ia64
pcre-6.6-2.el5_1.1.ia64.rpm	SHA-256: a33c738db70681d8aa91a01ecdeaa4f5b1f6cc6893698847be990d4c629986e1
pcre-devel-6.6-2.el5_1.1.ia64.rpm	SHA-256: eb6e3710ae4ddd5ae87783027c50bd03d8a4dd79b6532e0e05c4a48b6129029e
i386
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-devel-6.6-2.el5_1.1.i386.rpm	SHA-256: fff79512cc28e5e05b7018cd6b3d2d49c3af65c7762160169e1d8ebf7b42e132

Red Hat Enterprise Linux Server 4

SRPM
pcre-4.5-4.el4_5.4.src.rpm	SHA-256: 58ba1089cb491ddc3e4f1d261f9d1b7a2fe508e5102c1e487840e89024ea57ab
x86_64
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 812553b0986c07e40d5fc41a8dc06132379e53916f7c839b2a24cd8763ed6e55
pcre-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 812553b0986c07e40d5fc41a8dc06132379e53916f7c839b2a24cd8763ed6e55
pcre-devel-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 9b3f17e59032ec77f2c1756ef52c7d9768c2856a5719088ad18169735c653d37
pcre-devel-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 9b3f17e59032ec77f2c1756ef52c7d9768c2856a5719088ad18169735c653d37
ia64
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.ia64.rpm	SHA-256: e2ebce35178800ba6855d6c283fba585559e0b03b470aa284d2ff766c9d0f551
pcre-4.5-4.el4_5.4.ia64.rpm	SHA-256: e2ebce35178800ba6855d6c283fba585559e0b03b470aa284d2ff766c9d0f551
pcre-devel-4.5-4.el4_5.4.ia64.rpm	SHA-256: baf1834b855760e90df6fb56ece2d07d94f176a0fea716d1c160bbf09762c335
pcre-devel-4.5-4.el4_5.4.ia64.rpm	SHA-256: baf1834b855760e90df6fb56ece2d07d94f176a0fea716d1c160bbf09762c335
i386
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-devel-4.5-4.el4_5.4.i386.rpm	SHA-256: 36f5354cdc0a016bf83ebfa3377a685a542dfc0698c8370063f97ca269bf563c
pcre-devel-4.5-4.el4_5.4.i386.rpm	SHA-256: 36f5354cdc0a016bf83ebfa3377a685a542dfc0698c8370063f97ca269bf563c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
pcre-6.6-2.el5_1.1.src.rpm	SHA-256: 21f10a2c4829fe74fca7eeecaf39f841875aef28262269ba6f5af077d26c362d
x86_64
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 3b523cdd10a49680733b9606a04c7b3b0cdec647e798e6af81b4bf93aa0d2c02
pcre-devel-6.6-2.el5_1.1.i386.rpm	SHA-256: fff79512cc28e5e05b7018cd6b3d2d49c3af65c7762160169e1d8ebf7b42e132
pcre-devel-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 185ecc061011f6dd4279320549281a900a050b1172352c19422778ed05b3109f
i386
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-devel-6.6-2.el5_1.1.i386.rpm	SHA-256: fff79512cc28e5e05b7018cd6b3d2d49c3af65c7762160169e1d8ebf7b42e132

Red Hat Enterprise Linux Workstation 4

SRPM
pcre-4.5-4.el4_5.4.src.rpm	SHA-256: 58ba1089cb491ddc3e4f1d261f9d1b7a2fe508e5102c1e487840e89024ea57ab
x86_64
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 812553b0986c07e40d5fc41a8dc06132379e53916f7c839b2a24cd8763ed6e55
pcre-devel-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 9b3f17e59032ec77f2c1756ef52c7d9768c2856a5719088ad18169735c653d37
ia64
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.ia64.rpm	SHA-256: e2ebce35178800ba6855d6c283fba585559e0b03b470aa284d2ff766c9d0f551
pcre-devel-4.5-4.el4_5.4.ia64.rpm	SHA-256: baf1834b855760e90df6fb56ece2d07d94f176a0fea716d1c160bbf09762c335
i386
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-devel-4.5-4.el4_5.4.i386.rpm	SHA-256: 36f5354cdc0a016bf83ebfa3377a685a542dfc0698c8370063f97ca269bf563c

Red Hat Enterprise Linux Desktop 5

SRPM
pcre-6.6-2.el5_1.1.src.rpm	SHA-256: 21f10a2c4829fe74fca7eeecaf39f841875aef28262269ba6f5af077d26c362d
x86_64
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 3b523cdd10a49680733b9606a04c7b3b0cdec647e798e6af81b4bf93aa0d2c02
i386
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d

Red Hat Enterprise Linux Desktop 4

SRPM
pcre-4.5-4.el4_5.4.src.rpm	SHA-256: 58ba1089cb491ddc3e4f1d261f9d1b7a2fe508e5102c1e487840e89024ea57ab
x86_64
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 812553b0986c07e40d5fc41a8dc06132379e53916f7c839b2a24cd8763ed6e55
pcre-devel-4.5-4.el4_5.4.x86_64.rpm	SHA-256: 9b3f17e59032ec77f2c1756ef52c7d9768c2856a5719088ad18169735c653d37
i386
pcre-4.5-4.el4_5.4.i386.rpm	SHA-256: e686300028500a2ed7c81d303906e9985c1130574975d3b2f7a2e7e91c8616ab
pcre-devel-4.5-4.el4_5.4.i386.rpm	SHA-256: 36f5354cdc0a016bf83ebfa3377a685a542dfc0698c8370063f97ca269bf563c

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
pcre-6.6-2.el5_1.1.src.rpm	SHA-256: 21f10a2c4829fe74fca7eeecaf39f841875aef28262269ba6f5af077d26c362d
s390x
pcre-6.6-2.el5_1.1.s390.rpm	SHA-256: 6feef6f00060f7951f6e21ee46854d0d50553dad39bcec0428f9c7763978b1fa
pcre-6.6-2.el5_1.1.s390x.rpm	SHA-256: e45d2a27da1703b3e553100b2d1730c477b304d79346d189be654711d954d44b
pcre-devel-6.6-2.el5_1.1.s390.rpm	SHA-256: e07e74b290b388eda9058e6afacfd096f3c0c2aa1979f9b191d254cd0bbb693b
pcre-devel-6.6-2.el5_1.1.s390x.rpm	SHA-256: 96988bb035c3b0ac7fdbd444180eaa6058452884a68a6fc06520962ca4adb52a

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
pcre-4.5-4.el4_5.4.src.rpm	SHA-256: 58ba1089cb491ddc3e4f1d261f9d1b7a2fe508e5102c1e487840e89024ea57ab
s390x
pcre-4.5-4.el4_5.4.s390.rpm	SHA-256: 87d6808eb25cab9ad8baf9e59cf37556962b2aff77293f4e588cf064bf50f932
pcre-4.5-4.el4_5.4.s390x.rpm	SHA-256: 03d505d2d6fe4b74dae909a60183f9059bd53ecf7f37eda292e213464f025829
pcre-devel-4.5-4.el4_5.4.s390x.rpm	SHA-256: c91625da81bec55453a211de025655600b2042453f98844f9a8f5204fc6ceb4f
s390
pcre-4.5-4.el4_5.4.s390.rpm	SHA-256: 87d6808eb25cab9ad8baf9e59cf37556962b2aff77293f4e588cf064bf50f932
pcre-devel-4.5-4.el4_5.4.s390.rpm	SHA-256: a7687f63c8c020a1d71b7a55ab6c480680c1c91ae01de34c68ce5d8613ad2468

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
pcre-6.6-2.el5_1.1.src.rpm	SHA-256: 21f10a2c4829fe74fca7eeecaf39f841875aef28262269ba6f5af077d26c362d
ppc
pcre-6.6-2.el5_1.1.ppc.rpm	SHA-256: 9d838915ab3a8ad86df2d74c2e358c2446f4278e589e03eb16defd6c86b3de65
pcre-6.6-2.el5_1.1.ppc64.rpm	SHA-256: 53fca76442d65a78663094dd8a2c29cd88bd8d5d1e62c7641493b86d25f9bdf3
pcre-devel-6.6-2.el5_1.1.ppc.rpm	SHA-256: 0caf0c82138e5d0b0109145a34a3bc0bc7c640a5738047261e37ff3ec0e91059
pcre-devel-6.6-2.el5_1.1.ppc64.rpm	SHA-256: d15de0c82f6e68c5c3c42ce666102cc426100b2afd846507fe9ce1014708d34e

Red Hat Enterprise Linux for Power, big endian 4

SRPM
pcre-4.5-4.el4_5.4.src.rpm	SHA-256: 58ba1089cb491ddc3e4f1d261f9d1b7a2fe508e5102c1e487840e89024ea57ab
ppc
pcre-4.5-4.el4_5.4.ppc.rpm	SHA-256: bb7dd2a465a9a2c8a88869782f07b0fe9a7db2b66bbc0cccad19f6c81d03219a
pcre-4.5-4.el4_5.4.ppc64.rpm	SHA-256: d1427f193835c7453048811282642f4766d9c1a6712b093fbd0d5bf285d0b253
pcre-devel-4.5-4.el4_5.4.ppc.rpm	SHA-256: 9dd304f4672b449c7fbdf0a016d02750d0130a65df153fe7b715bb29ba155db9

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
pcre-6.6-2.el5_1.1.src.rpm	SHA-256: 21f10a2c4829fe74fca7eeecaf39f841875aef28262269ba6f5af077d26c362d
x86_64
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 3b523cdd10a49680733b9606a04c7b3b0cdec647e798e6af81b4bf93aa0d2c02
pcre-devel-6.6-2.el5_1.1.i386.rpm	SHA-256: fff79512cc28e5e05b7018cd6b3d2d49c3af65c7762160169e1d8ebf7b42e132
pcre-devel-6.6-2.el5_1.1.x86_64.rpm	SHA-256: 185ecc061011f6dd4279320549281a900a050b1172352c19422778ed05b3109f
i386
pcre-6.6-2.el5_1.1.i386.rpm	SHA-256: 76e3d96a7668064e2302dabc34836aebef60940f706f3d06ef3098bf3782479d
pcre-devel-6.6-2.el5_1.1.i386.rpm	SHA-256: fff79512cc28e5e05b7018cd6b3d2d49c3af65c7762160169e1d8ebf7b42e132

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation