Debian: New pcre3 packages fix arbitrary code execution

    Date02 Sep 2005
    CategoryDebian
    5842
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 800-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    September 2nd, 2005                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : pcre3
    Vulnerability  : integer overflow
    Problem-Type   : depends on use
    Debian-specific: no
    CVE ID         : CAN-2005-2491
    BugTraq ID     : 14620
    Debian Bug     : 324531
    
    An integer overflow with subsequent buffer overflow has been detected
    in PCRE, the Perl Compatible Regular Expressions library, which allows
    an attacker to execute arbitrary code.
    
    Since several packages link dynamically to this library you are
    advised to restart the corresponding services or programs
    respectively.  The command ``apt-caches showpkg libpcre3'' will list
    the corresponding packages in the "Reverse Depends:" section.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 3.4-1.1woody1.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 4.5-1.2sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 6.3-1.
    
    We recommend that you upgrade your libpcre3 package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4-1.1woody1.dsc
          Size/MD5 checksum:      546 f20fefc57bb56bfa6cf32d9c18a7add4
        http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4-1.1woody1.diff.gz
          Size/MD5 checksum:    49801 b69439f16a83c75f4afdad1bc87e0983
        http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4.orig.tar.gz
          Size/MD5 checksum:   296708 75918d0111f592097939a7b8c490dcd0
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_alpha.deb
          Size/MD5 checksum:    66020 fe9b69946352606036a89ce9c442624e
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_alpha.deb
          Size/MD5 checksum:    62204 c566c04c9588d67cfe27372905b0d10b
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_alpha.deb
          Size/MD5 checksum:     5826 68691c08411bf16a238b7bdc7188a6f5
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_arm.deb
          Size/MD5 checksum:    60406 2d6c5ba122757fe453ccb97159839b27
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_arm.deb
          Size/MD5 checksum:    58406 e6478cafa3ba2735f7c8c4ccb9f2d375
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_arm.deb
          Size/MD5 checksum:     5276 6d183c6c7b7b3a271608718b1b330abf
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_i386.deb
          Size/MD5 checksum:    58940 2af5e448f2d6fb3cb718be00b12e8dc8
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_i386.deb
          Size/MD5 checksum:    55680 e48ae5ac13350c9069c34883c66689d8
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_i386.deb
          Size/MD5 checksum:     5166 cfbed9bcee48a300b5f3342f585c2ea4
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_ia64.deb
          Size/MD5 checksum:    70888 2810af532211a5ff7237faa02f2fa2a2
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_ia64.deb
          Size/MD5 checksum:    65898 ea3ff46a153c3755f9c1fc70555e016d
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_ia64.deb
          Size/MD5 checksum:     6614 421f2ed6e492250f4ea7455d0790cc60
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_hppa.deb
          Size/MD5 checksum:    63716 ca76198968a8c301fed26b02ea0fb8ea
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_hppa.deb
          Size/MD5 checksum:    59746 2679d450cd83f08718ee2e825cda2410
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_hppa.deb
          Size/MD5 checksum:     5774 e48ac73b088227f326c8f4c1d1328c2a
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_m68k.deb
          Size/MD5 checksum:    57432 cb5f2f533adcf17218d99e48a3cb4faf
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_m68k.deb
          Size/MD5 checksum:    52286 367246afee4ccfa45ce06fdac281bc58
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_m68k.deb
          Size/MD5 checksum:     5036 c295511ed7b42ccede3741fece86cad1
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_mips.deb
          Size/MD5 checksum:    60862 0f2c59e735155972eeb95083f6e25bf9
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_mips.deb
          Size/MD5 checksum:    60022 f0566f7dbe6c545108f3d8fd23a41a08
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_mips.deb
          Size/MD5 checksum:     5496 af07688fbaf8c7fdccb2835f1096f99a
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_mipsel.deb
          Size/MD5 checksum:    60768 1d8f1b60ff53f23e19ac991789a7d249
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_mipsel.deb
          Size/MD5 checksum:    59722 23d38d0b52b948d47c10a6eb316660d2
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_mipsel.deb
          Size/MD5 checksum:     5562 380dcfd8f22af1a34ea063b0844c64e4
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_powerpc.deb
          Size/MD5 checksum:    60780 eaa1b51cef30ed9008eba5eaf669b285
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_powerpc.deb
          Size/MD5 checksum:    62524 516b9b739fb165c07d2c2f44469273f6
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_powerpc.deb
          Size/MD5 checksum:     5428 e9cd704387f98d3d3b8218d0b099bda4
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_s390.deb
          Size/MD5 checksum:    59822 1273b0034ce45c9d67b1c9a5ecadd8a4
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_s390.deb
          Size/MD5 checksum:    56730 3eb9e55677ce89c5d830ff7003443ac4
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_s390.deb
          Size/MD5 checksum:     5600 ab80c98f176ae54f9ece2b41c9d80263
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_sparc.deb
          Size/MD5 checksum:    59392 cdcd38f84276e1d976d90578a9a558d4
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_sparc.deb
          Size/MD5 checksum:    56750 bc0b0c65125ebfd1c1d6815a09bcb1c8
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_sparc.deb
          Size/MD5 checksum:     7864 251068569691247a4beb0d46db1cb789
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5-1.2sarge1.dsc
          Size/MD5 checksum:      595 ac6150d25157f866b2b7f46812a82761
        http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5-1.2sarge1.diff.gz
          Size/MD5 checksum:   186116 fa5cd3f6a8cbcc88bcfd387634d12c66
        http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5.orig.tar.gz
          Size/MD5 checksum:   476057 a58971177114a3b7a5da0e5a89a43c96
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5-1.2sarge1_all.deb
          Size/MD5 checksum:      768 6349e44e476cfb9dfccd483b5bc98cbc
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_alpha.deb
          Size/MD5 checksum:   113688 a7df1688edf447a5df5ef3cf42e20a9b
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_alpha.deb
          Size/MD5 checksum:   113664 72c1450c3510622db54acec47adc0996
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_alpha.deb
          Size/MD5 checksum:     9886 8c22637e9341ab909d0588dbd8aa542c
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_amd64.deb
          Size/MD5 checksum:   107126 f79097dfad2a9c3c27d2792aa8e17975
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_amd64.deb
          Size/MD5 checksum:   106884 a29c5174f6bf23d632a4f70b1cb6bab7
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_amd64.deb
          Size/MD5 checksum:     9176 ed86973df6a047b0b8279875119795ac
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_arm.deb
          Size/MD5 checksum:   106846 8e2192b4a99f34b431185b638059184e
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_arm.deb
          Size/MD5 checksum:   107464 bf4ace192cd1e4991bbd49004ff345a5
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_arm.deb
          Size/MD5 checksum:     8654 194c154e5fd01bae833252fefce48ef8
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_i386.deb
          Size/MD5 checksum:   107806 5462241d0e9cbad6f9385d9e69e63df5
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_i386.deb
          Size/MD5 checksum:   106116 2776119c04627d7e020e0e2a28d829b4
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_i386.deb
          Size/MD5 checksum:     8574 9bd58334a575fce0f39ad1b7e96e8bf0
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_ia64.deb
          Size/MD5 checksum:   126468 2fb6d844c1816f86fbdc180ec874458c
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_ia64.deb
          Size/MD5 checksum:   119958 27a1b846fc9d4549bc7d56acbebc4701
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_ia64.deb
          Size/MD5 checksum:    11156 0e05c09a9156c1649451dc04cc1a403b
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_hppa.deb
          Size/MD5 checksum:   112270 d872b9d73852c5cdaee9e7b99dfd4a8c
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_hppa.deb
          Size/MD5 checksum:   108640 21a814ece299a9d9dd73878f17703805
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_hppa.deb
          Size/MD5 checksum:     9740 ab0261190a75ac0893dbd0d83a0d075e
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_m68k.deb
          Size/MD5 checksum:   101580 6ba0f48fa1a5d58b76d098b09233dda1
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_m68k.deb
          Size/MD5 checksum:    99358 150bf88d39a8627940a05e1e06ae325b
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_m68k.deb
          Size/MD5 checksum:     8320 ac81c73b5d96c61343eaee5a30db045c
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_mips.deb
          Size/MD5 checksum:   106808 4330ce6ef2dbe3e74930912b5d842091
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_mips.deb
          Size/MD5 checksum:   108422 b4b532ddd12affa682bc873befdaf8ff
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_mips.deb
          Size/MD5 checksum:     9498 159f69ee0f42193545774a6c6fa582ee
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_mipsel.deb
          Size/MD5 checksum:   106908 cdcbdcbc499046f5d735d4e9edd6f7ae
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_mipsel.deb
          Size/MD5 checksum:   107774 5b495d916e35f1b2f46aca316f981c17
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_mipsel.deb
          Size/MD5 checksum:     9546 dfa799043e392273ed76cf5659b6498a
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_powerpc.deb
          Size/MD5 checksum:   110010 d91eb03e18c0f7d124505c671103fce0
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_powerpc.deb
          Size/MD5 checksum:   111210 9b32b4685b49562d3c8183bb9246c392
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_powerpc.deb
          Size/MD5 checksum:    10678 1548bafd11e8b283627f16dbb977f5be
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_s390.deb
          Size/MD5 checksum:   107654 f10b8fe1fa1dd19948f3d286807ce553
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_s390.deb
          Size/MD5 checksum:   106998 d76769f32c87ea11bfd71e585d6de219
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_s390.deb
          Size/MD5 checksum:     9364 69d17cd7d354048f2e8e972b7a15987e
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_sparc.deb
          Size/MD5 checksum:   105100 3598c03dd322930154071e6a5e8209e5
        http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_sparc.deb
          Size/MD5 checksum:   105458 f47f0ca4d4db2a948db936d56831a0aa
        http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_sparc.deb
          Size/MD5 checksum:     8728 b8877f4ed857346920c2773047efc821
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.