Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

[USN-547-1] PCRE vulnerabilities: msg#00011

linux.ubuntu.security.announce

Subject:	[USN-547-1] PCRE vulnerabilities

===========================================================
Ubuntu Security Notice USN-547-1 November 27, 2007
pcre3 vulnerabilities
CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662,
CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libpcre3 7.4-0ubuntu0.6.06.1
libpcrecpp0 7.4-0ubuntu0.6.06.1

Ubuntu 6.10:
libpcre3 7.4-0ubuntu0.6.10.1
libpcrecpp0 7.4-0ubuntu0.6.10.1

Ubuntu 7.04:
libpcre3 7.4-0ubuntu0.7.04.1
libpcrecpp0 7.4-0ubuntu0.7.04.1

Ubuntu 7.10:
libpcre3 7.4-0ubuntu0.7.10.1
libpcrecpp0 7.4-0ubuntu0.7.10.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Due to the large internal code changes needed to solve outstanding flaws,
it was not possible to backport all the upstream security fixes to the
earlier released versions. To address this, the pcre3 library has been
updated to the latest stable release (7.4), which includes fixes for
all known security issues. While the new version is ABI compatible,
efforts have been taken to maintain behavioral compatibility with the
earlier versions.

Details follow:

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular
expression handling of PCRE. By tricking a user or service into running
specially crafted expressions via applications linked against libpcre3,
a remote attacker could crash the application, monopolize CPU resources,
or possibly execute arbitrary code with the application's privileges.

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.6.06.1.diff.gz
Size/MD5: 79804 404e9d3c5f0f13a5bac7fa99115ad1af

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.6.06.1.dsc
Size/MD5: 619 feb0f718df6ff5f42f1895bcbe6e6c16
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_7.4-0ubuntu0.6.06.1_all.deb
Size/MD5: 774 d68b2ef645092b61be193deb856461a0

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 254754 2c35de5f62db0cf07fcc4e4483b42657

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 198544 055a4358bcc65f14a2fddb08611dc0e0

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 90168 7aeacbfc73aba347bb511b7f2ebeee8c

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 20352 d3ba33a855fd3a0d9895961060ab1735

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.06.1_i386.deb
Size/MD5: 246392 a7111664cb51a414274b41890a25b630

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.06.1_i386.deb
Size/MD5: 194018 33151d8814634d20f04c4de74d6dcb3d

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.06.1_i386.deb
Size/MD5: 88470 0111206d9aa5bbe0e835ee435ba10d3d

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.06.1_i386.deb
Size/MD5: 18962 2fed65e4956b2869abc8c9ebe13ad9f1

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 258570 877b0f07892df6842ab89465e5dba187

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 199696 88816572a1f48b2ef8ed06f68b8e9a58

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 91244 f7a0b07960c7500b62460ea3be67c0bf

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 21374 57f2b2873049bec20bef050cde9c95d5

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 250178 bb538eda8d6d2c5e7ed9fa1b51758406

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 196584 55c303aa170dd4ed99b784358ff561f2

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 87906 e4058b0e057b0c53df801b72b9d4ed73

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 19578 0218527dd1c7b255c63e441314ccc543

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.6.10.1.diff.gz
Size/MD5: 80152 b83de951145b011f6b75b6d8245ddfa4

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.6.10.1.dsc
Size/MD5: 612 92ec1632360396bafc811a451b22902b
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.10.1_amd64.deb
Size/MD5: 255118 c399294a293b8f331eab5f0c0e483e30

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.10.1_amd64.deb
Size/MD5: 198426 3119610ea2b3f9959e05e116f2f91a52

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.10.1_amd64.deb
Size/MD5: 90958 d2dbb7110d1ce0e25b645fe8a36e0050

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.10.1_amd64.deb
Size/MD5: 20378 d42439c81168ec115ae716be8da7de04

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.10.1_i386.deb
Size/MD5: 250882 1c54985f4186baaf1ad01508ab663d27

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.10.1_i386.deb
Size/MD5: 197528 e684e4dc19bad714f1bdf8f981588025

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.10.1_i386.deb
Size/MD5: 89840 67205ab0d2a704c8cd258bbef2ff2e80

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.10.1_i386.deb
Size/MD5: 19446 aa0b6b900a7c8492b69d7a80f225d0f7

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.10.1_powerpc.deb
Size/MD5: 257610 3b688ce661ccda74848f9c41a4471ea2

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.10.1_powerpc.deb
Size/MD5: 198242 2dac5f37646c7ff62ffc25131e4856ea

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.10.1_powerpc.deb
Size/MD5: 91980 0c57a6930cc2d50c22ab628af10a36f0

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.10.1_powerpc.deb
Size/MD5: 21508 be9eb52bcc5329ec904940f92e6c81df

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.6.10.1_sparc.deb
Size/MD5: 252264 e26ebabb3058da2f267a0ccef529b6f4

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.6.10.1_sparc.deb
Size/MD5: 198786 3fa031be365964d34fcd50c5d0dcdd84

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.6.10.1_sparc.deb
Size/MD5: 88754 6a5bac9777fa5d70697c60f35d6dab3b

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.6.10.1_sparc.deb
Size/MD5: 20026 73d13963312cee1e0b3335a8bf71e160

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.7.04.1.diff.gz
Size/MD5: 80014 4044f7dfba605b537fef90b7a18539e6

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.7.04.1.dsc
Size/MD5: 696 d406e3d25e9ab03e01d53c793df000bc
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.04.1_amd64.deb
Size/MD5: 255118 9516332360443e3a01614211be382b0e

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.04.1_amd64.deb
Size/MD5: 198870 395b0a95be52882cf30893368eeb6909

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.04.1_amd64.deb
Size/MD5: 91452 e5935ccd7c7ce3e9a4c1ce2001dc36b2

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.04.1_amd64.deb
Size/MD5: 20464 af243aaa50a5501cce0f200e8a0c7750

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.04.1_i386.deb
Size/MD5: 250856 bb7f5405cfc95892c399bc898b8c86c0

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.04.1_i386.deb
Size/MD5: 197928 3c68a3a2e4989c1d74fd85919de4bcc9

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.04.1_i386.deb
Size/MD5: 91100 6ae343ec05a9857b04f92aa724f843ad

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.04.1_i386.deb
Size/MD5: 19534 c0f4ffd9a29c6890122a70fb8267c6c0

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.04.1_powerpc.deb
Size/MD5: 257568 7896530f0615dd4c680d4d03f75ba576

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.04.1_powerpc.deb
Size/MD5: 201742 2f4a75504ff4d87b28576238a8958198

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.04.1_powerpc.deb
Size/MD5: 94300 60068d42904cdb54e6f6a5115592cf3b

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.04.1_powerpc.deb
Size/MD5: 22686 4100af5f9edaf66efe2727ff06bc51d8

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.04.1_sparc.deb
Size/MD5: 252112 d059e10ad36241a1d5a9a508ec735fe0

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.04.1_sparc.deb
Size/MD5: 199448 3c5b576388d7d2844bcc54c348a4101d

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.04.1_sparc.deb
Size/MD5: 89960 abb894a69d08221a90056996187b49f8

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.04.1_sparc.deb
Size/MD5: 20404 3c4d38c9d2221f5b222c996e2d29102c

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.7.10.1.diff.gz
Size/MD5: 10689 6365e91923f762cb60c0f4f28b8d0460

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.7.10.1.dsc
Size/MD5: 696 b090e57fbe0322b2f41bcc71f948fd7f
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 255484 d898fba576450cd6ab06a7847fdb6649

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 205306 5b55120ebc3d99bcbe5a6f88ee18cbba

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 91228 c7c5be0cc3beb749681dbe8bfefc5dd6

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.10.1_amd64.deb
Size/MD5: 20420 f78aba0fafcd102df0514c7db36d77dc

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.10.1_i386.deb
Size/MD5: 251024 e9c2c5baff1728f9935bf391dbee6dca

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.10.1_i386.deb
Size/MD5: 204256 a5e225e3278e383eabcaa2cec8713161

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.10.1_i386.deb
Size/MD5: 90914 0c99fd00bec685fa89f75cb852903b78

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.10.1_i386.deb
Size/MD5: 19482 2032fe8a6dd6a02a4c2c5d9df052c52f

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 257600 2eecf3225a0182b2895c5bd10de2df89

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 208024 e6ea026dd56cd613e13b5028fb49d998

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 94210 0ee006a42190a404c8d59b3cfd4fffec

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.10.1_powerpc.deb
Size/MD5: 22656 34ed68af2083e1516cf508c906504705

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 252250 d38d41d35e77b30acaa020deb3398c10

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 205744 b138bf8b4b4f3c89d9f903fbe52f8149

http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 89800 2088854f7c82f267c8e4c40e481109cf

http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0ubuntu0.7.10.1_sparc.deb
Size/MD5: 20364 c6453310b30d9847336b8c092c510138

signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	[USN-546-1] Firefox vulnerabilities, Kees Cook
Next by Date:	[USN-548-1] Pidgin vulnerability, Kees Cook
Previous by Thread:	[USN-546-1] Firefox vulnerabilities, Kees Cook
Next by Thread:	[USN-548-1] Pidgin vulnerability, Kees Cook
Indexes:	[Date] [Thread] [Top] [All Lists]

Recently Viewed:
krysalis.sandbo... web.zope.zwiki/... gnome.apps.gnum... xfree86.newbie/... editors.vim/200... mozilla.enigmai... boot-loaders.gr... network.vnc.ult... redhat.release.... java.geronimo.u... os.netbsd.devel... horde.wicked/20... linux.lsb.discu... ietf.ips/2005-0... alsa.devel/2002... user-groups.lin... package-managem... debian.devel.da... security.cyrus.... video.gstreamer...

Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation