Scientific Linux: Important PCRE Security Update for Buffer Overflow Risk

Nov 30, 2007 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory update buffer overflow important malicious code pcre Scientific Linux

Important: pcre security update

Date: Fri, 30 Nov 2007 09:07:34 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA for on SL4.x, SL3.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Synopsis:	Important: pcre security update
Issue date:	2007-11-29
CVE Names:	CVE-2006-7225 CVE-2006-7226 CVE-2006-7228
 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parsed a malicious regular expression, it may have been possible to run
arbitrary code as the user running the application. (CVE-2006-7225,
CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1660)

SL 3.0.x

 SRPMS:
pcre-3.9-10.4.src.rpm
 i386:
pcre-3.9-10.4.i386.rpm
pcre-devel-3.9-10.4.i386.rpm
 x86_64:
pcre-3.9-10.4.i386.rpm
pcre-3.9-10.4.x86_64.rpm
pcre-devel-3.9-10.4.x86_64.rpm

SL 4.x

 SRPMS:
pcre-4.5-4.el4_6.6.src.rpm
 i386:
pcre-4.5-4.el4_6.6.i386.rpm
pcre-devel-4.5-4.el4_6.6.i386.rpm
 x86_64:
pcre-4.5-4.el4_6.6.i386.rpm
pcre-4.5-4.el4.6.x86_64.rpm
pcre-devel-4.5-4.el4.6.x86_64.rpm

-Connie Sieh
-Troy Dawson
lastline

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here