[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050823155713.GB7706@piware.de>
Date: Tue Aug 23 16:58:15 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-173-1] PCRE vulnerability
===========================================================
Ubuntu Security Notice USN-173-1 August 23, 2005
pcre3 vulnerability
CAN-2005-2491
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libpcre3
The problem can be corrected by upgrading the affected package to
version 4.5-1.1ubuntu0.4.10 (for Ubuntu 4.10), or 4.5-1.1ubuntu0.5.04
(for Ubuntu 5.04).
A standard system upgrade is NOT SUFFICIENT to effect the necessary
changes! If you can afford to reboot your machine, this is the easiest
way to ensure that all services using this library are restarted
correctly. If not, please manually restart all server processes (exim,
Apache, PHP, etc.). It is advised to also restart your desktop
session.
Details follow:
A buffer overflow has been discovered in the PCRE, a widely used
library that provides Perl compatible regular expressions. Specially
crafted regular expressions triggered a buffer overflow. On systems
that accept arbitrary regular expressions from untrusted users, this
could be exploited to execute arbitrary code with the privileges of
the application using the library.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.4.10.diff.gz
Size/MD5: 183474 72d65636bfd4af6836fc8472f1fe3c78
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.4.10.dsc
Size/MD5: 607 8846bc461afedca938a709ead2891fcd
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5.orig.tar.gz
Size/MD5: 476057 a58971177114a3b7a5da0e5a89a43c96
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_4.5-1.1ubuntu0.4.10_all.deb
Size/MD5: 774 52a52c15ff0ab0928dfb47080f40a5f0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10_amd64.deb
Size/MD5: 106736 62013edb6bc2ca7ae96d3739aac0e84b
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10_amd64.deb
Size/MD5: 106922 ea42ff8f246928c0998c5f35155fba21
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10_amd64.deb
Size/MD5: 9160 d801a4aec0c0591c8087ee3c80d83466
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10_i386.deb
Size/MD5: 105130 63b585816a99b0fa1a7696fabee272e5
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10_i386.deb
Size/MD5: 106736 37c7df39e6bfac99fd5d82525836d0b2
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10_i386.deb
Size/MD5: 8446 2cef77c4bfe564260e60dbcc429df54b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.4.10_powerpc.deb
Size/MD5: 111116 67a137cc04696da087beaf665e9a7e4e
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.4.10_powerpc.deb
Size/MD5: 109812 7c687f390b65d20143cafa73fb4fc5ab
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.4.10_powerpc.deb
Size/MD5: 10680 c88971b34f540193e28019d7801c768c
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.5.04.diff.gz
Size/MD5: 183473 dbc61833e0c2e671c9d5316551640e20
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5-1.1ubuntu0.5.04.dsc
Size/MD5: 607 9556aec130df9a17c835293a4b569f53
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3_4.5.orig.tar.gz
Size/MD5: 476057 a58971177114a3b7a5da0e5a89a43c96
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pgrep_4.5-1.1ubuntu0.5.04_all.deb
Size/MD5: 776 e28108b81e46c153e9d13cb142a0ee55
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04_amd64.deb
Size/MD5: 106726 1cd55307ab68b857a30a9d914a6b0f34
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04_amd64.deb
Size/MD5: 106956 a0b218c184b61f087674603fb76977ec
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04_amd64.deb
Size/MD5: 9168 07caef2f35532ff156adc7ad9980712b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04_i386.deb
Size/MD5: 105150 e93cb7c4fd77b1f61b56aa6bd606fb0c
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04_i386.deb
Size/MD5: 106674 0b590cd8855d69ae39f5fde1f2afda2e
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04_i386.deb
Size/MD5: 8402 19f13b0338fc508f29bcb4fbd7004281
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3-dev_4.5-1.1ubuntu0.5.04_powerpc.deb
Size/MD5: 111110 3f9152da5f123399c2b9c0e9c33a94c5
http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpcre3_4.5-1.1ubuntu0.5.04_powerpc.deb
Size/MD5: 109862 2c5aa546b1e3c69473443e341d661c15
http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/pcregrep_4.5-1.1ubuntu0.5.04_powerpc.deb
Size/MD5: 10666 5d460aa1007800c2be8d88be03f9b0d9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050823/d10924aa/attachment.bin
Powered by blists - more mailing lists