[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050824152619.GA16385@piware.de>
Date: Wed, 24 Aug 2005 17:26:19 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-173-2] PCRE vulnerability
===========================================================
Ubuntu Security Notice USN-173-2 August 24, 2005
pcre3, apache2 vulnerabilities
CAN-2005-2491
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog):
The following packages are affected:
apache2
apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker
libpcre3
The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.4 (apache2 for Ubuntu 4.10),
4.5-1.1ubuntu0.4.10.1 (libpcre3 for Ubuntu4.10), or
4.5-1.1ubuntu0.5.04.1 (libpcre3 for Ubuntu 5.04).
A standard system upgrade is NOT SUFFICIENT to effect the necessary
changes! If you can afford to reboot your machine, this is the easiest
way to ensure that all services using this library are restarted
correctly. If not, please manually restart all server processes (exim,
PHP, etc.). It is advised to also restart your desktop session.
Details follow:
USN-173-1 fixed a buffer overflow vulnerability in the PCRE library.
However, it was determined that this did not suffice to prevent all
possible overflows, so another update is necessary.
In addition, it was found that the Ubuntu 4.10 version of Apache 2
contains a static copy of the library code, so this package needs to
be updated as well. In Ubuntu 5.04, Apache 2 uses the external library
from the libpcre3 package.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.4.diff.gz
Size/MD5: 99437 2ec7366e3b6cb2b5c71181b6548808d5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.4.dsc
Size/MD5: 1151 1683a2c86a5f8f64cc200c13684c0af8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.4.10.1.diff.gz
Size/MD5: 186473 23255683011d112e0d640005529fdcb6
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.4.10.1.dsc
Size/MD5: 611 1aa3ef1882be8157f4633a6b969a0f60
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5.orig.tar.gz
Size/MD5: 476057 a58971177114a3b7a5da0e5a89a43c96
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.4_all.deb
Size/MD5: 3178264 a5df71bfa12ecbe37e46173508948b1e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.4_all.deb
Size/MD5: 163816 d5d16be7b8a61b7a1a7150573d0ae1c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.4_all.deb
Size/MD5: 164576 73dd7539b67d6b39db994a14d88fd767
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_4.5-1.1ubuntu0.4.10.1_all.deb
Size/MD5: 770 475394a2acc796700888067434ed1fa3
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 864696 51e05b5c49dea16124af0291aeddd34a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 230442 e4d0ab0e0f4e12c1d165f5d0688d2f0e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 225648 fed779ea47e97f77d8e480461a11bfa2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 229042 f3932e8a42c725324547bd5fff8687f9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 229632 a948e60571700bd0130d5b260b6899d1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 30046 16e716b545d917d5df294432d5635064
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 275550 129e8fdad596ae2885083e7237599022
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.4_amd64.deb
Size/MD5: 133502 4f42fad8d02976fa9143b608481205ee
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10.1_amd64.deb
Size/MD5: 106882 3c0e8b8a59d32ae2be91835a2a85cd18
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10.1_amd64.deb
Size/MD5: 107072 033e5fe0052ac64310edcd86936d94bc
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10.1_amd64.deb
Size/MD5: 9162 3d73e3dd0a0bf59f83ddb9c31af88cc8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 826136 448d8292cd63da6e97c20fb75808aaed
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 209442 fa3613ea6f664c70e603356206074e2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 205660 5fd6d83f773a051e1960e40092952d33
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 208318 9a55bea5039f3776d5c1776afbfe6fe7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 208740 d54a2ca9c5397ed6dc601bb85664ddc3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 30040 6fc8ef0b828e3a642170c2a568a4e7d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 253496 59fcec5f8fe52f02dfafa1f7ad08593c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.4_i386.deb
Size/MD5: 124212 4a76225f2129ea76d56ba6b70499fc4e
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10.1_i386.deb
Size/MD5: 105234 189a4f988570bca3b2365f88a4cf9270
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10.1_i386.deb
Size/MD5: 106854 99ad2737d3d3fd27fed11765913aacaf
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10.1_i386.deb
Size/MD5: 8438 0c7adfb2729a43501c238293e2188155
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 903896 a2a8b50a1178d9d3118a500190851bbd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 223112 fd4174be29e547b530a1139d259b2d49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 218062 41ea2b90a54588035346bca0529185fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 221308 e5642bd8744f3fc8239da9d764e3dfce
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 221898 376dee961786a2a0eea7d6e7248ab134
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 30052 411594b6e4fcba4565fe9abc77e847e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 269314 d89744b51bac7c5bcbac2852f7e87225
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.4_powerpc.deb
Size/MD5: 130824 9111e8dd27a24c8fc0f6a26a05c9cee0
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10.1_powerpc.deb
Size/MD5: 111252 f58cf5b717e4466d47c276b38ebc55ed
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10.1_powerpc.deb
Size/MD5: 109924 0cb232a94b4a8f2eba5be80e9c1a3895
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10.1_powerpc.deb
Size/MD5: 10684 7afe87ad27a361b835a423adf44f0c65
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.5.04.1.diff.gz
Size/MD5: 186471 912614b401d34df8c183f58fd15c2a4f
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.5.04.1.dsc
Size/MD5: 611 99a5654a9d99d82cbebf753f35fdfd63
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5.orig.tar.gz
Size/MD5: 476057 a58971177114a3b7a5da0e5a89a43c96
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_4.5-1.1ubuntu0.5.04.1_all.deb
Size/MD5: 770 0112a4f8db49e364b511d0913e7db850
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04.1_amd64.deb
Size/MD5: 106860 d59d8b1bcf9eddb4dd618234d7afac47
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04.1_amd64.deb
Size/MD5: 107086 8bec3f336d9d74483d15e16306fa3651
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04.1_amd64.deb
Size/MD5: 9160 8fa63c4f1f9998f0b3cfa432037bd525
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04.1_i386.deb
Size/MD5: 105268 0dcdea19b3d29ef7e87359c239367d54
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04.1_i386.deb
Size/MD5: 106790 7d1ba079a7ff75967aa432e725bf6899
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04.1_i386.deb
Size/MD5: 8394 8f43d61d69a44dead76472421cc7a602
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04.1_powerpc.deb
Size/MD5: 111232 96f1afd42831adaa9c5d9af8e6c60f0d
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04.1_powerpc.deb
Size/MD5: 109990 71dc3404a424f2449855f8d80bf8f8fd
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04.1_powerpc.deb
Size/MD5: 10678 6f16535e47fe355d683829a1435600cf
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists