---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: pcre security update
Advisory ID:       RHSA-2007:1068-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:1068.html
Issue date:        2007-11-29
Updated on:        2007-11-29
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-7225 CVE-2006-7226 CVE-2006-7228 
                   CVE-2006-7230 CVE-2007-1659 
---------------------------------------------------------------------

1. Summary:

Updated pcre packages that resolve several security issues are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may have been possible to run
arbitrary code as the user running the application.
(CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659)

Users of PCRE are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Red Hat would like to thank Ludwig Nussel for reporting these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

315871 - CVE-2007-1659 pcre regular expression flaws
383371 - CVE-2006-7228 pcre integer overflow
384761 - CVE-2006-7225 pcre miscalculation of memory requirements for malformed Posix character class
384781 - CVE-2006-7226 pcre miscalculation of memory requirements for repeated subpattern containing a named recursion or subroutine reference
384801 - CVE-2006-7230 pcre miscalculation of memory requirements if options are changed during pattern compilation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

ia64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
33f4eab971ef408facd1641eabaa467a  pcre-4.5-4.el4_6.6.ia64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
e5a27c2bddd2644641b1ad235508fbda  pcre-debuginfo-4.5-4.el4_6.6.ia64.rpm
6dfe274bd09371d8e0de10c5cc92bc26  pcre-devel-4.5-4.el4_6.6.ia64.rpm

ppc:
47acc99aadd1698c477beb54465e13f9  pcre-4.5-4.el4_6.6.ppc.rpm
c7bc58a2b1b45cba707f6e32f6b5182b  pcre-4.5-4.el4_6.6.ppc64.rpm
91d3d8000f09f9f3c8da971773718f24  pcre-debuginfo-4.5-4.el4_6.6.ppc.rpm
3efa974cd8f22041f71552ae295fc477  pcre-debuginfo-4.5-4.el4_6.6.ppc64.rpm
ffc58e305b91c427bab0f1d536bf8e3a  pcre-devel-4.5-4.el4_6.6.ppc.rpm

s390:
db4e05d53ed8fb12030d2f6684d9d869  pcre-4.5-4.el4_6.6.s390.rpm
4c60f3a6fa76de879ace31d7c635b68f  pcre-debuginfo-4.5-4.el4_6.6.s390.rpm
28d5cef76bf6ad728e777cd80e0e6628  pcre-devel-4.5-4.el4_6.6.s390.rpm

s390x:
db4e05d53ed8fb12030d2f6684d9d869  pcre-4.5-4.el4_6.6.s390.rpm
934cdcaa114cd70bf10f089fff41fea1  pcre-4.5-4.el4_6.6.s390x.rpm
4c60f3a6fa76de879ace31d7c635b68f  pcre-debuginfo-4.5-4.el4_6.6.s390.rpm
fc3a110b4cd548dc04590636f57c28ea  pcre-debuginfo-4.5-4.el4_6.6.s390x.rpm
f8589e25f1c60407ae174a941b3fa51f  pcre-devel-4.5-4.el4_6.6.s390x.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

ia64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
33f4eab971ef408facd1641eabaa467a  pcre-4.5-4.el4_6.6.ia64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
e5a27c2bddd2644641b1ad235508fbda  pcre-debuginfo-4.5-4.el4_6.6.ia64.rpm
6dfe274bd09371d8e0de10c5cc92bc26  pcre-devel-4.5-4.el4_6.6.ia64.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
3fc0fdaf84b06cdf5788640cff0026f6  pcre-4.5-4.el4_6.6.src.rpm

i386:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
9965f80d4d5ab3b571ab3c3cc9898990  pcre-devel-4.5-4.el4_6.6.i386.rpm

ia64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
33f4eab971ef408facd1641eabaa467a  pcre-4.5-4.el4_6.6.ia64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
e5a27c2bddd2644641b1ad235508fbda  pcre-debuginfo-4.5-4.el4_6.6.ia64.rpm
6dfe274bd09371d8e0de10c5cc92bc26  pcre-devel-4.5-4.el4_6.6.ia64.rpm

x86_64:
2fc7dcfeab667b57d6cd72b3900e23e4  pcre-4.5-4.el4_6.6.i386.rpm
5ec42946ee8eea49029ff7b06ee58234  pcre-4.5-4.el4_6.6.x86_64.rpm
1792b64ed883f57a999ed859b9a9e554  pcre-debuginfo-4.5-4.el4_6.6.i386.rpm
d39e0bdc461577451e10a9d855e6fc73  pcre-debuginfo-4.5-4.el4_6.6.x86_64.rpm
d2464456a160a001ee8810a35235b3ae  pcre-devel-4.5-4.el4_6.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
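
As an added example (not part of Red Hat's advisory), one way to confirm that every installed pcre build on a host is at or past the fixed build in the package list above. The function names and the sample input lines are constructed for illustration, and GNU `sort -V` is assumed as an approximation of rpm's own version ordering.

```shell
#!/bin/sh
# Added example: report whether installed pcre builds are at or past the
# fixed build named in this advisory (pcre-4.5-4.el4_6.6).
FIXED_EVR="4.5-4.el4_6.6"   # version-release taken from the package list above

# at_least A B: succeed when version-release A sorts at or after B.
# Assumption: GNU `sort -V` stands in for rpm's comparison; it agrees for
# dotted/underscored numeric strings like these but is not rpmvercmp.
at_least() {
    [ "$1" = "$2" ] && return 0
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# classify EVR: print "fixed" or "vulnerable" for one installed build.
classify() {
    if at_least "$1" "$FIXED_EVR"; then echo fixed; else echo vulnerable; fi
}

# audit: read "arch version-release" lines, one per installed pcre package
# (multilib hosts carry both i386 and x86_64), print a verdict for each and
# return non-zero if any build predates the fix.
audit() {
    rc=0
    while read -r arch evr; do
        [ -n "$evr" ] || continue
        state=$(classify "$evr")
        echo "pcre.$arch $evr $state"
        [ "$state" = fixed ] || rc=1
    done
    return $rc
}

# On a real host, feed it from rpm:
#   rpm -q --qf '%{ARCH} %{VERSION}-%{RELEASE}\n' pcre | audit
# Constructed sample input (not taken from a real system):
sample() {
    printf '%s\n' "i386 4.5-4.el4_6.6" "x86_64 4.5-3.2.RHEL4"
}
sample | audit || echo "at least one pcre build predates RHSA-2007:1068"
```

Checking each architecture separately matters on x86_64 and ia64 hosts, where the i386 library is installed alongside the native one and either copy may be loaded by an application.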

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
