<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           pcre
 Advisory ID:            MDKSA-2005:151
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Integer overflow in pcre_compile.c in Perl Compatible Regular
 Expressions (PCRE) before 6.2, as used in multiple products, allows
 attackers to execute arbitrary code via quantifier values in regular
 expressions, which leads to a heap-based buffer overflow.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 309b57502a08710bc746463e40564c2e  10.0/RPMS/libpcre0-4.5-3.1.100mdk.i586.rpm
 a7f390ea8291db6a913db92434ab4fd1  
10.0/RPMS/libpcre0-devel-4.5-3.1.100mdk.i586.rpm
 e7ad5f3caae546bc9f76d90c53d98131  10.0/RPMS/pcre-4.5-3.1.100mdk.i586.rpm
 e832acf199d237eb25869d3e1dd1f3a5  10.0/SRPMS/pcre-4.5-3.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 5ec78978882ae59e235036f463caf728  
amd64/10.0/RPMS/lib64pcre0-4.5-3.1.100mdk.amd64.rpm
 c1ea77b8c96a64de277200642c0f39c4  
amd64/10.0/RPMS/lib64pcre0-devel-4.5-3.1.100mdk.amd64.rpm
 459960f18b926090eccfbae6faa0c84f  amd64/10.0/RPMS/pcre-4.5-3.1.100mdk.amd64.rpm
 e832acf199d237eb25869d3e1dd1f3a5  amd64/10.0/SRPMS/pcre-4.5-3.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 5fb1ddf8ac2ed8bb2268bf3e18b64529  10.1/RPMS/libpcre0-4.5-5.1.101mdk.i586.rpm
 819b1b79f017971f145b8c12b78cc593  
10.1/RPMS/libpcre0-devel-4.5-5.1.101mdk.i586.rpm
 acb97853ce1673ad72027ff5057428c0  10.1/RPMS/pcre-4.5-5.1.101mdk.i586.rpm
 f4a2d968098de33876cc7ad022f4e751  10.1/SRPMS/pcre-4.5-5.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 03249093a10cb990ec3cc5a362924841  
x86_64/10.1/RPMS/lib64pcre0-4.5-5.1.101mdk.x86_64.rpm
 f74eadbea48228c62d1093622c6e9bb9  
x86_64/10.1/RPMS/lib64pcre0-devel-4.5-5.1.101mdk.x86_64.rpm
 1a0c903d0391d7f935786a84d2fa66eb  
x86_64/10.1/RPMS/pcre-4.5-5.1.101mdk.x86_64.rpm
 f4a2d968098de33876cc7ad022f4e751  x86_64/10.1/SRPMS/pcre-4.5-5.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4b3dcaf88712905c07eb9d1eea48f426  10.2/RPMS/libpcre0-5.0-2.1.102mdk.i586.rpm
 93f5253396e53c95b5aebb79a290957c  
10.2/RPMS/libpcre0-devel-5.0-2.1.102mdk.i586.rpm
 c42b2c321aacd8fc36aaed195aaed054  10.2/RPMS/pcre-5.0-2.1.102mdk.i586.rpm
 c9bd1f6fd2816a6ff02c08533faa700a  10.2/SRPMS/pcre-5.0-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 9c16f12aec35bc1d32932ecf478e0672  
x86_64/10.2/RPMS/lib64pcre0-5.0-2.1.102mdk.x86_64.rpm
 93ff357fa977d8a26ac5a4a0ef2b6400  
x86_64/10.2/RPMS/lib64pcre0-devel-5.0-2.1.102mdk.x86_64.rpm
 a2ceb2799814de8984ca6707b497fce5  
x86_64/10.2/RPMS/pcre-5.0-2.1.102mdk.x86_64.rpm
 c9bd1f6fd2816a6ff02c08533faa700a  x86_64/10.2/SRPMS/pcre-5.0-2.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 39a7d2f6d40af5ca22b7a78607b3217f  mnf/2.0/RPMS/libpcre0-4.5-3.1.M20mdk.i586.rpm
 de30c5803f323b1b124234c21f125b25  mnf/2.0/RPMS/pcre-4.5-3.1.M20mdk.i586.rpm
 6c8e57198db4380e69017f8299ff40e5  mnf/2.0/SRPMS/pcre-4.5-3.1.M20mdk.src.rpm

 Corporate Server 2.1:
 de01932f1bb779c78999762bb5057653  
corporate/2.1/RPMS/libpcre0-3.9-5.1.C21mdk.i586.rpm
 2a7c71195755079fe3eee0fda834a7d9  
corporate/2.1/RPMS/libpcre0-devel-3.9-5.1.C21mdk.i586.rpm
 aae9df225a2bdafa9f60feeb397f5796  
corporate/2.1/RPMS/pcre-3.9-5.1.C21mdk.i586.rpm
 16ff4bcf36bba60143ac847e0ce91cb0  
corporate/2.1/SRPMS/pcre-3.9-5.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d310322b1038159b0270ae62140e8b4c  
x86_64/corporate/2.1/RPMS/libpcre0-3.9-5.1.C21mdk.x86_64.rpm
 7977cc9ab34756f1653e96e996abdfb4  
x86_64/corporate/2.1/RPMS/libpcre0-devel-3.9-5.1.C21mdk.x86_64.rpm
 aad833aca80deac98d7157de58a9ef68  
x86_64/corporate/2.1/RPMS/pcre-3.9-5.1.C21mdk.x86_64.rpm
 16ff4bcf36bba60143ac847e0ce91cb0  
x86_64/corporate/2.1/SRPMS/pcre-3.9-5.1.C21mdk.src.rpm

 Corporate 3.0:
 18dd263d0c809022c870a29899eeb8b3  
corporate/3.0/RPMS/libpcre0-4.5-3.2.C30mdk.i586.rpm
 674b5bba9b87dc2ed6e6fafe9c53abfc  
corporate/3.0/RPMS/libpcre0-devel-4.5-3.2.C30mdk.i586.rpm
 d5df129d1e9d7800e1b9a97cccb96217  
corporate/3.0/RPMS/pcre-4.5-3.2.C30mdk.i586.rpm
 e9f3f1d4a19b0396481871aa0c398c16  
corporate/3.0/SRPMS/pcre-4.5-3.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a5a97684dac58a4bce9748039c961278  
x86_64/corporate/3.0/RPMS/lib64pcre0-4.5-3.2.C30mdk.x86_64.rpm
 d1dcd3f60940c3165d42b79c631b558d  
x86_64/corporate/3.0/RPMS/lib64pcre0-devel-4.5-3.2.C30mdk.x86_64.rpm
 bc0dae706980d75df70c6080cb1968a4  
x86_64/corporate/3.0/RPMS/pcre-4.5-3.2.C30mdk.x86_64.rpm
 e9f3f1d4a19b0396481871aa0c398c16  
x86_64/corporate/3.0/SRPMS/pcre-4.5-3.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkpnmqjQ0CJFipgRAu+AAJ4rpwF57tztJVaEmZcskC8xc1QhoQCfaFCK
Co3E1meGMO7bWPtcuVYDSi4=
=JArc
-----END PGP SIGNATURE-----