[ MDVSA-2008:030 ] - Updated pcre packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:030
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pcre
Date : January 31, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered by Tavis Ormandy and
Will Drewry in the way that pcre handled certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it could lead to the execution
of arbitrary code as the user running the application.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
6af12132e0e932020ca394cdcf3d3a06
corporate/3.0/i586/libpcre0-4.5-3.4.C30mdk.i586.rpm
dd9afe15698e99b37f934783762e366d
corporate/3.0/i586/libpcre0-devel-4.5-3.4.C30mdk.i586.rpm
278b07fa59e68bdc1a50a117c48d1d31
corporate/3.0/i586/pcre-4.5-3.4.C30mdk.i586.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df
corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
a891898c4b21b2088f02ca0f6b769cf0
corporate/3.0/x86_64/lib64pcre0-4.5-3.4.C30mdk.x86_64.rpm
4119de7999c3dc01965b3a285839262c
corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.4.C30mdk.x86_64.rpm
060b66751095a700fe6cc121a423a6f1
corporate/3.0/x86_64/pcre-4.5-3.4.C30mdk.x86_64.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df
corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm
Multi Network Firewall 2.0:
234f4af314478d52e438785b3350f3d8 mnf/2.0/i586/libpcre0-4.5-3.4.M20mdk.i586.rpm
0bb7eab034f55e8d7704ef043646ea0a
mnf/2.0/i586/libpcre0-devel-4.5-3.4.M20mdk.i586.rpm
8056c796cfe2fd4d51e25df9beb075da mnf/2.0/i586/pcre-4.5-3.4.M20mdk.i586.rpm
2d87fce9af8d81c91d86dc81c4fff97b mnf/2.0/SRPMS/pcre-4.5-3.4.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHomkzmqjQ0CJFipgRAjacAKDAL0SNJp1Q6+mDzeljVZuEVjvgfgCfV3GQ
J636Bfy0MTNt3vNvEtVwXaQ=
=oABM
-----END PGP SIGNATURE-----