
A new update is available for Red Hat Enterprise Linux. Here is the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: pcre security update
Advisory ID: RHSA-2005:761-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-761.html
Issue date: 2005-09-08
Updated on: 2005-09-08
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2491
- ---------------------------------------------------------------------

1. Summary:

Updated pcre packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PCRE is a Perl-compatible regular expression library.

An integer overflow flaw was found in PCRE, triggered by a maliciously
crafted regular expression. On systems that accept arbitrary regular
expressions from untrusted users, this could be exploited to execute
arbitrary code with the privileges of the application using the library.
The Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2491 to this issue.

The security impact of this issue varies depending on the way that
applications make use of PCRE. For example, the Apache web server uses the
system PCRE library in order to parse regular expressions, but this flaw
would only allow a user who already has the ability to write .htaccess
files to gain 'apache' privileges. For applications supplied with Red Hat
Enterprise Linux, a maximum security impact of moderate has been assigned.

Users should update to these erratum packages that contain a backported
patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After updating you will need to restart all services that use the system
PCRE library. This can be done manually or by rebooting your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166330 - CAN-2005-2491 PCRE heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/pcre-3.4-2.2.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/pcre-3.4-2.2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/pcre-3.4-2.2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/pcre-3.4-2.2.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/pcre-3.9-10.2.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/pcre-3.9-10.2.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/pcre-3.9-10.2.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/pcre-3.9-10.2.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pcre-4.5-3.2.RHEL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDIHRrXlSAg2UNWIIRArAQAJ99/fPSZMdJU9r5f1cZgA3VWgmD1QCfVTF6
fdV4gKlgJeqbjzZE5hEr4XM=
=aGJg
-----END PGP SIGNATURE-----
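
Section 4 of the advisory says every service using the system PCRE library must be restarted after the update. The shell function below is an added example, not part of the Red Hat advisory: it lists processes that still have the replaced library mapped. It assumes a Linux /proc in which mappings of a file replaced on disk end in "(deleted)"; the function name `pcre_procs` and its optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libpcre and therefore need a restart after the errata is applied.

# pcre_procs MODE [PROC_ROOT]
#   MODE=stale : only processes mapping a libpcre file that was replaced on disk
#   MODE=all   : every process that has libpcre mapped
#   PROC_ROOT  : defaults to /proc; it is a parameter only so the logic can be
#                exercised against a constructed directory tree (assumption).
# Output: one "PID NAME" line per matching process, sorted by PID.
pcre_procs() {
    mode="$1"
    proc_root="${2:-/proc}"
    case "$mode" in
        stale) pattern='/libpcre[^/ ]*\.so[^/ ]* \(deleted\)$' ;;
        all)   pattern='/libpcre[^/ ]*\.so[^/ ]*( \(deleted\))?$' ;;
        *)     echo "usage: pcre_procs stale|all [proc_root]" >&2; return 2 ;;
    esac
    for maps in "$proc_root"/[0-9]*/maps; do
        # Processes can exit mid-scan, and without root other users' maps
        # files are unreadable; skip those instead of failing.
        [ -r "$maps" ] || continue
        grep -Eq "$pattern" "$maps" 2>/dev/null || continue
        dir="${maps%/maps}"
        pid="${dir##*/}"
        # The "Name:" field of status holds the (kernel-truncated) command name.
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null | head -n 1)
        printf '%s %s\n' "$pid" "${name:-?}"
    done | sort -n
}
```

Run `pcre_procs stale` as root once the update has been applied; an empty result means no running process is still using the old library image.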