[USN-581-1] PCRE vulnerability
Date: Thu, 21 Feb 2008 16:15:17 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-581-1] PCRE vulnerability
Message-ID: <20080222001517.GL18547@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.307 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru
--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-581-1 February 21, 2008
pcre3 vulnerability
CVE-2008-0674
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpcre3 7.4-0ubuntu0.6.06.2
Ubuntu 6.10:
libpcre3 7.4-0ubuntu0.6.10.2
Ubuntu 7.04:
libpcre3 7.4-0ubuntu0.7.04.2
Ubuntu 7.10:
libpcre3 7.4-0ubuntu0.7.10.2
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences. In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or automated
system in processing a malicious regular expression leading to a denial
of service or possibly arbitrary code execution.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.06.2.diff.gz
Size/MD5: 85474 a26fd1f612736924ca75f5ed3eff1110
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.06.2.dsc
Size/MD5: 619 19e32becc5643dd9f840db767d2df3e1
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_7.4-0ubun=
tu0.6.06.2_all.deb
Size/MD5: 770 2aaddc4022b1274d5e23d0944b5add3e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_amd64.deb
Size/MD5: 254882 ce810152d7ce84c914dde8ddd83ee3da
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_amd64.deb
Size/MD5: 198662 204ae1da2eeecf5637259e62995f161d
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_amd64.deb
Size/MD5: 90258 5863807c7290cc84252bb4d1a068da21
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_amd64.deb
Size/MD5: 20344 f79fa8e9db880efac499b85d500b0229
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_i386.deb
Size/MD5: 246520 64c77daa56fe6cd715fca17740afb1a7
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_i386.deb
Size/MD5: 194138 7d22404b34330e7c7d1fe069a6a99feb
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_i386.deb
Size/MD5: 88578 d5d1a1e5b46c75d5354e4ba743232266
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_i386.deb
Size/MD5: 18956 70b6a832804f4d7f257b0e44adfecc07
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_powerpc.deb
Size/MD5: 258710 72dbd0765a3c0d98887e63e118150930
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_powerpc.deb
Size/MD5: 199858 7f88d40576441513e82b874385f3222b
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_powerpc.deb
Size/MD5: 91344 19b5d78aacb9064b0c2ec8ff262fcaf8
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_powerpc.deb
Size/MD5: 21360 2156110f2dcff84d2028803a7f14cdec
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_sparc.deb
Size/MD5: 250172 5c67abd4640d0b7e79ae3a1389924ce8
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_sparc.deb
Size/MD5: 196560 072b620a6a0060d9db75a825889336f0
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_sparc.deb
Size/MD5: 88026 161fe2eb283bcba7f97a3a9df8322354
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_sparc.deb
Size/MD5: 19582 30bedd0dbc84b42613d303709404cfc4
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.10.2.diff.gz
Size/MD5: 85863 f1496e16dd7bb1e3534a9b37a851c92a
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.10.2.dsc
Size/MD5: 612 dc58861573c8e05c78bda7adcc3d8ff1
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_amd64.deb
Size/MD5: 255286 b1e2b774173e6a42830f4a45abd028c9
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_amd64.deb
Size/MD5: 198588 ab71e507ed730d488d477b7262de120d
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_amd64.deb
Size/MD5: 91090 ba3111fd00286594c8ef771de322a065
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_amd64.deb
Size/MD5: 20384 8f2d1367d7f6d0e1eb49b0ee810756b9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_i386.deb
Size/MD5: 251014 9a47c65caaf8576c1bb08ce2ec2a5002
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_i386.deb
Size/MD5: 197652 604a7b718c646bc8452a76d3ad65ab9c
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_i386.deb
Size/MD5: 89960 184f8d5bbc8cdbb06f0b3dd326306392
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_i386.deb
Size/MD5: 19426 318423c3d11dd5b39a1a2456ebb1ed09
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_powerpc.deb
Size/MD5: 257680 b4ead2f7839bc8edbb57ae125e0d43f4
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_powerpc.deb
Size/MD5: 198332 bc96bb4e897f2d49d2ac7bea9f29955e
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_powerpc.deb
Size/MD5: 92110 e2b620b1829c35cfcf824704dd1894be
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_powerpc.deb
Size/MD5: 21516 dde642344ae473d596d4c2d8ce0f6d99
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_sparc.deb
Size/MD5: 252384 80bc2708040809e6f779a5225f66ee0d
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_sparc.deb
Size/MD5: 198850 5bb5fa3acaaa64c4ea9522d2557304e6
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_sparc.deb
Size/MD5: 88872 dd4a7815f6ea5a5d4661039ae1233c35
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_sparc.deb
Size/MD5: 20040 1905d94a295212963f2fe06c5d31a8fa
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.04.2.diff.gz
Size/MD5: 85711 aa9d5e68250f9054e3f6d185c5ae2cfc
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.04.2.dsc
Size/MD5: 696 259223fa8652218fe4dd4f89a7bc1a6b
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_amd64.deb
Size/MD5: 255264 6ec1855e80a40d759a6e165c48b6e684
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_amd64.deb
Size/MD5: 199016 eb1740484bb7a64b744b02158bb20569
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_amd64.deb
Size/MD5: 91568 da28c10e85d93d87890a97302e702567
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_amd64.deb
Size/MD5: 20462 848416b8f428b2671857b64821689681
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_i386.deb
Size/MD5: 250996 8fd77803b31ac1ac90869d6a03308678
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_i386.deb
Size/MD5: 198074 fb3a7b70d7d5a04e038180c874a248f9
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_i386.deb
Size/MD5: 91226 5fa46c245d43c8adf8b59690eebc23c1
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_i386.deb
Size/MD5: 19532 10072390ae05e81df6c4e21cf4b3bc59
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_powerpc.deb
Size/MD5: 257614 3169f6b6702a41a66b45708025f30976
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_powerpc.deb
Size/MD5: 201870 65dfdd99ac33ae438f31aabf7a7e8871
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_powerpc.deb
Size/MD5: 94428 054ca3f3c5669a5f1e83d4c113232c6f
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_powerpc.deb
Size/MD5: 22688 b78f365e84669bae8782a0272703f846
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_sparc.deb
Size/MD5: 252238 c19ce17ca8dba6a6ad45bfc8b929ed0a
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_sparc.deb
Size/MD5: 199508 1ceb258d409213525749d2127dc7a2cf
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_sparc.deb
Size/MD5: 90076 c2ad2f4454f3fd95bfd1cc9ed05888ed
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_sparc.deb
Size/MD5: 20416 bee68b44bf891a20bf31731bc3caa392
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.10.2.diff.gz
Size/MD5: 14990 dccca7954fa61f4243033a8efa366152
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.10.2.dsc
Size/MD5: 696 2e1f4c4fc6a96022b37ac245a53ad7fc
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_amd64.deb
Size/MD5: 255592 b44ac1d7ee3eda801619e588668aef3a
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_amd64.deb
Size/MD5: 205436 2ecf355cfbd13b7ab1f7395fb273504f
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_amd64.deb
Size/MD5: 91346 24000c6c67b8c14a6d8ef74501644b76
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_amd64.deb
Size/MD5: 20420 6475b93d1121ae863434fad29e3aca1c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_i386.deb
Size/MD5: 251156 882bdea398341d2c6f8d0466b59e2aa0
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_i386.deb
Size/MD5: 204368 46e92681f4fc920900828e50a7d54d8f
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_i386.deb
Size/MD5: 91046 5fbee62bdda8ccd2c97701c4f41b3211
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_i386.deb
Size/MD5: 19490 992b5a17f802782dbcae2f196687cb53
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_powerpc.deb
Size/MD5: 257730 293183c50334597a4db7e1ed982f661e
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_powerpc.deb
Size/MD5: 208190 ccd725262c9596dabe4e04f3d5365a94
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_powerpc.deb
Size/MD5: 94334 79cb63e43998bb4280e3c71083ddd2e3
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_powerpc.deb
Size/MD5: 22652 09a8f510161400f20ca11387ce829b81
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_sparc.deb
Size/MD5: 252410 cd91889202686b92237c8dd545c4fc8c
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_sparc.deb
Size/MD5: 205840 1959f48d05fefc1e165fb735dd71c79e
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_sparc.deb
Size/MD5: 89942 e486bb1b89abcadf59779a95f9d3df2e
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_sparc.deb
Size/MD5: 20370 5c1df294a5fb41270397b0c7d65a2e91
--wac7ysb48OaltWcw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvhQVH/9LqRcGPm0RAgwBAJ9N8Iriux+pc36pk6fOVByn43JKkwCglAaB
OCQSj47oglpPWQoEQz1Rh5o=
=WiLE
-----END PGP SIGNATURE-----
--wac7ysb48OaltWcw--