lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050823155713.GB7706@piware.de>
Date: Tue, 23 Aug 2005 17:57:13 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-173-1] PCRE vulnerability

===========================================================
Ubuntu Security Notice USN-173-1	    August 23, 2005
pcre3 vulnerability
CAN-2005-2491
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libpcre3

The problem can be corrected by upgrading the affected package to
version 4.5-1.1ubuntu0.4.10 (for Ubuntu 4.10), or 4.5-1.1ubuntu0.5.04
(for Ubuntu 5.04). 

A standard system upgrade is NOT SUFFICIENT to effect the necessary
changes! If you can afford to reboot your machine, this is the easiest
way to ensure that all services using this library are restarted
correctly. If not, please manually restart all server processes (exim,
Apache, PHP, etc.). It is advised to also restart your desktop
session.


Details follow:

A buffer overflow has been discovered in the PCRE, a widely used
library that provides Perl compatible regular expressions. Specially
crafted regular expressions triggered a buffer overflow. On systems
that accept arbitrary regular expressions from untrusted users, this
could be exploited to execute arbitrary code with the privileges of
the application using the library.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.4.10.diff.gz
      Size/MD5:   183474 72d65636bfd4af6836fc8472f1fe3c78
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.4.10.dsc
      Size/MD5:      607 8846bc461afedca938a709ead2891fcd
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5.orig.tar.gz
      Size/MD5:   476057 a58971177114a3b7a5da0e5a89a43c96

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_4.5-1.1ubuntu0.4.10_all.deb
      Size/MD5:      774 52a52c15ff0ab0928dfb47080f40a5f0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10_amd64.deb
      Size/MD5:   106736 62013edb6bc2ca7ae96d3739aac0e84b
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10_amd64.deb
      Size/MD5:   106922 ea42ff8f246928c0998c5f35155fba21
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10_amd64.deb
      Size/MD5:     9160 d801a4aec0c0591c8087ee3c80d83466

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10_i386.deb
      Size/MD5:   105130 63b585816a99b0fa1a7696fabee272e5
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10_i386.deb
      Size/MD5:   106736 37c7df39e6bfac99fd5d82525836d0b2
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10_i386.deb
      Size/MD5:     8446 2cef77c4bfe564260e60dbcc429df54b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10_powerpc.deb
      Size/MD5:   111116 67a137cc04696da087beaf665e9a7e4e
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10_powerpc.deb
      Size/MD5:   109812 7c687f390b65d20143cafa73fb4fc5ab
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10_powerpc.deb
      Size/MD5:    10680 c88971b34f540193e28019d7801c768c


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.5.04.diff.gz
      Size/MD5:   183473 dbc61833e0c2e671c9d5316551640e20
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.5.04.dsc
      Size/MD5:      607 9556aec130df9a17c835293a4b569f53
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5.orig.tar.gz
      Size/MD5:   476057 a58971177114a3b7a5da0e5a89a43c96

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_4.5-1.1ubuntu0.5.04_all.deb
      Size/MD5:      776 e28108b81e46c153e9d13cb142a0ee55

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04_amd64.deb
      Size/MD5:   106726 1cd55307ab68b857a30a9d914a6b0f34
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04_amd64.deb
      Size/MD5:   106956 a0b218c184b61f087674603fb76977ec
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04_amd64.deb
      Size/MD5:     9168 07caef2f35532ff156adc7ad9980712b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04_i386.deb
      Size/MD5:   105150 e93cb7c4fd77b1f61b56aa6bd606fb0c
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04_i386.deb
      Size/MD5:   106674 0b590cd8855d69ae39f5fde1f2afda2e
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04_i386.deb
      Size/MD5:     8402 19f13b0338fc508f29bcb4fbd7004281

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04_powerpc.deb
      Size/MD5:   111110 3f9152da5f123399c2b9c0e9c33a94c5
    http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04_powerpc.deb
      Size/MD5:   109862 2c5aa546b1e3c69473443e341d661c15
    http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04_powerpc.deb
      Size/MD5:    10666 5d460aa1007800c2be8d88be03f9b0d9

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ