The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-581-1] PCRE vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Thu, 21 Feb 2008 16:15:17 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-581-1] PCRE vulnerability
Message-ID: <20080222001517.GL18547@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.307 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-581-1          February 21, 2008
pcre3 vulnerability
CVE-2008-0674
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpcre3                        7.4-0ubuntu0.6.06.2

Ubuntu 6.10:
  libpcre3                        7.4-0ubuntu0.6.10.2

Ubuntu 7.04:
  libpcre3                        7.4-0ubuntu0.7.04.2

Ubuntu 7.10:
  libpcre3                        7.4-0ubuntu0.7.10.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences.  In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or automated
system in processing a malicious regular expression leading to a denial
of service or possibly arbitrary code execution.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.06.2.diff.gz
      Size/MD5:    85474 a26fd1f612736924ca75f5ed3eff1110
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.06.2.dsc
      Size/MD5:      619 19e32becc5643dd9f840db767d2df3e1
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
      Size/MD5:  1106897 de886b22cddc8eaf620a421d3041ee0b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_7.4-0ubun=
tu0.6.06.2_all.deb
      Size/MD5:      770 2aaddc4022b1274d5e23d0944b5add3e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_amd64.deb
      Size/MD5:   254882 ce810152d7ce84c914dde8ddd83ee3da
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_amd64.deb
      Size/MD5:   198662 204ae1da2eeecf5637259e62995f161d
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_amd64.deb
      Size/MD5:    90258 5863807c7290cc84252bb4d1a068da21
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_amd64.deb
      Size/MD5:    20344 f79fa8e9db880efac499b85d500b0229

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_i386.deb
      Size/MD5:   246520 64c77daa56fe6cd715fca17740afb1a7
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_i386.deb
      Size/MD5:   194138 7d22404b34330e7c7d1fe069a6a99feb
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_i386.deb
      Size/MD5:    88578 d5d1a1e5b46c75d5354e4ba743232266
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_i386.deb
      Size/MD5:    18956 70b6a832804f4d7f257b0e44adfecc07

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_powerpc.deb
      Size/MD5:   258710 72dbd0765a3c0d98887e63e118150930
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_powerpc.deb
      Size/MD5:   199858 7f88d40576441513e82b874385f3222b
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_powerpc.deb
      Size/MD5:    91344 19b5d78aacb9064b0c2ec8ff262fcaf8
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_powerpc.deb
      Size/MD5:    21360 2156110f2dcff84d2028803a7f14cdec

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.06.2_sparc.deb
      Size/MD5:   250172 5c67abd4640d0b7e79ae3a1389924ce8
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.06.2_sparc.deb
      Size/MD5:   196560 072b620a6a0060d9db75a825889336f0
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.06.2_sparc.deb
      Size/MD5:    88026 161fe2eb283bcba7f97a3a9df8322354
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.06.2_sparc.deb
      Size/MD5:    19582 30bedd0dbc84b42613d303709404cfc4

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.10.2.diff.gz
      Size/MD5:    85863 f1496e16dd7bb1e3534a9b37a851c92a
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
6.10.2.dsc
      Size/MD5:      612 dc58861573c8e05c78bda7adcc3d8ff1
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
      Size/MD5:  1106897 de886b22cddc8eaf620a421d3041ee0b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_amd64.deb
      Size/MD5:   255286 b1e2b774173e6a42830f4a45abd028c9
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_amd64.deb
      Size/MD5:   198588 ab71e507ed730d488d477b7262de120d
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_amd64.deb
      Size/MD5:    91090 ba3111fd00286594c8ef771de322a065
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_amd64.deb
      Size/MD5:    20384 8f2d1367d7f6d0e1eb49b0ee810756b9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_i386.deb
      Size/MD5:   251014 9a47c65caaf8576c1bb08ce2ec2a5002
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_i386.deb
      Size/MD5:   197652 604a7b718c646bc8452a76d3ad65ab9c
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_i386.deb
      Size/MD5:    89960 184f8d5bbc8cdbb06f0b3dd326306392
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_i386.deb
      Size/MD5:    19426 318423c3d11dd5b39a1a2456ebb1ed09

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_powerpc.deb
      Size/MD5:   257680 b4ead2f7839bc8edbb57ae125e0d43f4
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_powerpc.deb
      Size/MD5:   198332 bc96bb4e897f2d49d2ac7bea9f29955e
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_powerpc.deb
      Size/MD5:    92110 e2b620b1829c35cfcf824704dd1894be
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_powerpc.deb
      Size/MD5:    21516 dde642344ae473d596d4c2d8ce0f6d99

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.6.10.2_sparc.deb
      Size/MD5:   252384 80bc2708040809e6f779a5225f66ee0d
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.6.10.2_sparc.deb
      Size/MD5:   198850 5bb5fa3acaaa64c4ea9522d2557304e6
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.6.10.2_sparc.deb
      Size/MD5:    88872 dd4a7815f6ea5a5d4661039ae1233c35
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.6.10.2_sparc.deb
      Size/MD5:    20040 1905d94a295212963f2fe06c5d31a8fa

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.04.2.diff.gz
      Size/MD5:    85711 aa9d5e68250f9054e3f6d185c5ae2cfc
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.04.2.dsc
      Size/MD5:      696 259223fa8652218fe4dd4f89a7bc1a6b
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
      Size/MD5:  1106897 de886b22cddc8eaf620a421d3041ee0b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_amd64.deb
      Size/MD5:   255264 6ec1855e80a40d759a6e165c48b6e684
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_amd64.deb
      Size/MD5:   199016 eb1740484bb7a64b744b02158bb20569
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_amd64.deb
      Size/MD5:    91568 da28c10e85d93d87890a97302e702567
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_amd64.deb
      Size/MD5:    20462 848416b8f428b2671857b64821689681

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_i386.deb
      Size/MD5:   250996 8fd77803b31ac1ac90869d6a03308678
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_i386.deb
      Size/MD5:   198074 fb3a7b70d7d5a04e038180c874a248f9
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_i386.deb
      Size/MD5:    91226 5fa46c245d43c8adf8b59690eebc23c1
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_i386.deb
      Size/MD5:    19532 10072390ae05e81df6c4e21cf4b3bc59

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_powerpc.deb
      Size/MD5:   257614 3169f6b6702a41a66b45708025f30976
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_powerpc.deb
      Size/MD5:   201870 65dfdd99ac33ae438f31aabf7a7e8871
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_powerpc.deb
      Size/MD5:    94428 054ca3f3c5669a5f1e83d4c113232c6f
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_powerpc.deb
      Size/MD5:    22688 b78f365e84669bae8782a0272703f846

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.04.2_sparc.deb
      Size/MD5:   252238 c19ce17ca8dba6a6ad45bfc8b929ed0a
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.04.2_sparc.deb
      Size/MD5:   199508 1ceb258d409213525749d2127dc7a2cf
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.04.2_sparc.deb
      Size/MD5:    90076 c2ad2f4454f3fd95bfd1cc9ed05888ed
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.04.2_sparc.deb
      Size/MD5:    20416 bee68b44bf891a20bf31731bc3caa392

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.10.2.diff.gz
      Size/MD5:    14990 dccca7954fa61f4243033a8efa366152
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4-0ubuntu0.=
7.10.2.dsc
      Size/MD5:      696 2e1f4c4fc6a96022b37ac245a53ad7fc
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_7.4.orig.tar.=
gz
      Size/MD5:  1106897 de886b22cddc8eaf620a421d3041ee0b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_amd64.deb
      Size/MD5:   255592 b44ac1d7ee3eda801619e588668aef3a
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_amd64.deb
      Size/MD5:   205436 2ecf355cfbd13b7ab1f7395fb273504f
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_amd64.deb
      Size/MD5:    91346 24000c6c67b8c14a6d8ef74501644b76
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_amd64.deb
      Size/MD5:    20420 6475b93d1121ae863434fad29e3aca1c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_i386.deb
      Size/MD5:   251156 882bdea398341d2c6f8d0466b59e2aa0
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_i386.deb
      Size/MD5:   204368 46e92681f4fc920900828e50a7d54d8f
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_i386.deb
      Size/MD5:    91046 5fbee62bdda8ccd2c97701c4f41b3211
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_i386.deb
      Size/MD5:    19490 992b5a17f802782dbcae2f196687cb53

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_powerpc.deb
      Size/MD5:   257730 293183c50334597a4db7e1ed982f661e
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_powerpc.deb
      Size/MD5:   208190 ccd725262c9596dabe4e04f3d5365a94
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_powerpc.deb
      Size/MD5:    94334 79cb63e43998bb4280e3c71083ddd2e3
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_powerpc.deb
      Size/MD5:    22652 09a8f510161400f20ca11387ce829b81

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_7.4-0u=
buntu0.7.10.2_sparc.deb
      Size/MD5:   252410 cd91889202686b92237c8dd545c4fc8c
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_7.4-0ubunt=
u0.7.10.2_sparc.deb
      Size/MD5:   205840 1959f48d05fefc1e165fb735dd71c79e
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcrecpp0_7.4-0ub=
untu0.7.10.2_sparc.deb
      Size/MD5:    89942 e486bb1b89abcadf59779a95f9d3df2e
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_7.4-0u=
buntu0.7.10.2_sparc.deb
      Size/MD5:    20370 5c1df294a5fb41270397b0c7d65a2e91


--wac7ysb48OaltWcw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHvhQVH/9LqRcGPm0RAgwBAJ9N8Iriux+pc36pk6fOVByn43JKkwCglAaB
OCQSj47oglpPWQoEQz1Rh5o=
=WiLE
-----END PGP SIGNATURE-----

--wac7ysb48OaltWcw--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру