Debian: New pcre3 packages fix arbitrary code execution

    Date: 19 Feb 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674).
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1499-1
    http://www.debian.org/security/                           Florian Weimer
    February 19, 2008                     http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : pcre3
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0674
    
    It was discovered that specially crafted regular expressions involving
    codepoints greater than 255 could cause a buffer overflow in the PCRE
    library (CVE-2008-0674).
    
    For the stable distribution (etch), this problem has been fixed in
    version 6.7+7.4-3.
    
    For the old stable distribution (sarge), this problem has been fixed in
    version 4.5+7.4-2.
    
    For the unstable distribution, this problem has been fixed in version
    7.6-1.
    
    We recommend that you upgrade your pcre3 package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main