Home / vulnerabilities

PDF

MDVSA-2008-030.txt

Posted on 01 February 2008
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:030
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pcre
Date : January 31, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered by Tavis Ormandy and
Will Drewry in the way that pcre handled certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it could lead to the execution
of arbitrary code as the user running the application.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
6af12132e0e932020ca394cdcf3d3a06 corporate/3.0/i586/libpcre0-4.5-3.4.C30mdk.i586.rpm
dd9afe15698e99b37f934783762e366d corporate/3.0/i586/libpcre0-devel-4.5-3.4.C30mdk.i586.rpm
278b07fa59e68bdc1a50a117c48d1d31 corporate/3.0/i586/pcre-4.5-3.4.C30mdk.i586.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
a891898c4b21b2088f02ca0f6b769cf0 corporate/3.0/x86_64/lib64pcre0-4.5-3.4.C30mdk.x86_64.rpm
4119de7999c3dc01965b3a285839262c corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.4.C30mdk.x86_64.rpm
060b66751095a700fe6cc121a423a6f1 corporate/3.0/x86_64/pcre-4.5-3.4.C30mdk.x86_64.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm

Multi Network Firewall 2.0:
234f4af314478d52e438785b3350f3d8 mnf/2.0/i586/libpcre0-4.5-3.4.M20mdk.i586.rpm
0bb7eab034f55e8d7704ef043646ea0a mnf/2.0/i586/libpcre0-devel-4.5-3.4.M20mdk.i586.rpm
8056c796cfe2fd4d51e25df9beb075da mnf/2.0/i586/pcre-4.5-3.4.M20mdk.i586.rpm
2d87fce9af8d81c91d86dc81c4fff97b mnf/2.0/SRPMS/pcre-4.5-3.4.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHomkzmqjQ0CJFipgRAjacAKDAL0SNJp1Q6+mDzeljVZuEVjvgfgCfV3GQ
J636Bfy0MTNt3vNvEtVwXaQ=
=oABM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP