Scientific Linux: Important PCRE Security Advisory for i386/x86_64

Dec 03, 2007 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory code execution important pcre scientific linux malicious expressions

Important: pcre security update

Date: Mon, 3 Dec 2007 08:26:17 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA for pcre on SL4.x, SL3.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Note: This security errata went out last friday, but I had messed up the
subject line.

Synopsis: Important: pcre security update
Issue date: 2007-11-29
CVE Names: CVE-2006-7225 CVE-2006-7226 CVE-2006-7228
 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parsed a malicious regular expression, it may have been possible to run
arbitrary code as the user running the application. (CVE-2006-7225,
CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1660)

SL 3.0.x

 SRPMS:
pcre-3.9-10.4.src.rpm
 i386:
pcre-3.9-10.4.i386.rpm
pcre-devel-3.9-10.4.i386.rpm
 x86_64:
pcre-3.9-10.4.i386.rpm
pcre-3.9-10.4.x86_64.rpm
pcre-devel-3.9-10.4.x86_64.rpm

SL 4.x

 SRPMS:
pcre-4.5-4.el4_6.6.src.rpm
 i386:
pcre-4.5-4.el4_6.6.i386.rpm
pcre-devel-4.5-4.el4_6.6.i386.rpm
 x86_64:
pcre-4.5-4.el4_6.6.i386.rpm
pcre-4.5-4.el4.6.x86_64.rpm
pcre-devel-4.5-4.el4.6.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here