lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871w784mxu.fsf@mid.deneb.enyo.de>
Date: Tue, 19 Feb 2008 23:10:37 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1499-1] New pcre3 packages fix
	arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1499-1                  security@...ian.org
http://www.debian.org/security/                           Florian Weimer
February 19, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pcre3
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-0674

It was discovered that specially crafted regular expressions involving
codepoints greater than 255 could cause a buffer overflow in the PCRE
library (CVE-2008-0674).

For the stable distribution (etch), this problem has been fixed in
version 6.7+7.4-3.

For the old stable distribution (sarge), this problem has been fixed in
version 4.5+7.4-2.

For the unstable distribution, thi problem has been fixed in version
7.6-1.

We recommend that you upgrade your pcre3 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-2.diff.gz
    Size/MD5 checksum:    99934 750cb82053d0d184e96b6f2256b07259
  http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-2.dsc
    Size/MD5 checksum:      883 6d7166721448553dfe9672bdbb6c75c2
  http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4.orig.tar.gz
    Size/MD5 checksum:  1106897 de886b22cddc8eaf620a421d3041ee0b

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5+7.4-2_all.deb
    Size/MD5 checksum:      764 f45e8c3460a8e966a1de6dd1f8499beb

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_alpha.deb
    Size/MD5 checksum:   191228 b56575e6599f47fceeffbec81ae4badd
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_alpha.deb
    Size/MD5 checksum:   218268 d4c05de57eafe47ffff9d07b84c99cd2
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_alpha.deb
    Size/MD5 checksum:    21346 6cb3b9513b0acdc11b2b62524d0c996e

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_amd64.deb
    Size/MD5 checksum:   181858 eaf65286f24f2eda0c5c2b0cf59d2e93
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_amd64.deb
    Size/MD5 checksum:    19814 abef692f2c4fd08c8564986bef855f57
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_amd64.deb
    Size/MD5 checksum:   206374 23d917983de3d901cdbc021d707bb6fd

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_arm.deb
    Size/MD5 checksum:   183712 6e6d063b597e869a4a214e5175cfc7b1
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_arm.deb
    Size/MD5 checksum:   209636 164c9c155f8c2704cebfd8798bd8d754
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_arm.deb
    Size/MD5 checksum:    19398 d0a3bf731aa86aa6edd0288bf5f2a3d7

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_hppa.deb
    Size/MD5 checksum:   208450 0b05321a818bfb34d17ff2baeaba6601
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_hppa.deb
    Size/MD5 checksum:    21022 3ed44e57de9d68aeab7d4da4c40c2eac
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_hppa.deb
    Size/MD5 checksum:   190888 671eb5283ff2527047d4b180ad6aee67

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_i386.deb
    Size/MD5 checksum:   184086 5ad41047b80b2b9846c395e6f452b497
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_i386.deb
    Size/MD5 checksum:    19024 ae71a5aa7677abddc6fbb5f1d69315be
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_i386.deb
    Size/MD5 checksum:   206252 06a244ad5aed436a119db629b6f5a469

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_ia64.deb
    Size/MD5 checksum:   228562 f1bc6cb07937b17adb7af5f9186cd7ed
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_ia64.deb
    Size/MD5 checksum:    24750 c2340f5c62f546e6fa0bcdb2cbc9bd3e
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_ia64.deb
    Size/MD5 checksum:   211280 1f181575a89a7ca5c2ff145818a08bfc

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_m68k.deb
    Size/MD5 checksum:    17968 820d2eb5c5a93f48b05d5cc6368239a6
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_m68k.deb
    Size/MD5 checksum:   172432 6d503aca84a4397c9c3e93462aace3d8
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_m68k.deb
    Size/MD5 checksum:   194352 af6fa0385f2609982e32f007f4c0b168

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_mips.deb
    Size/MD5 checksum:    20102 b354118e316867f1e2517b77a88b69d3
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_mips.deb
    Size/MD5 checksum:   209014 43115bb2e5e08ff0f949faaa3f23d5c1
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_mips.deb
    Size/MD5 checksum:   180848 edaf555cb5ab54f994a62d29c2732428

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_mipsel.deb
    Size/MD5 checksum:   207736 582e76a99b716d86c42e375947466249
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_mipsel.deb
    Size/MD5 checksum:    20232 694073304814795f7836178de03ec204
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_mipsel.deb
    Size/MD5 checksum:   181164 abc55dadc11e27d4b2d88d306c01a7be

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_powerpc.deb
    Size/MD5 checksum:    21242 1efd8bde4d3876547974c520e16ad30d
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_powerpc.deb
    Size/MD5 checksum:   213520 3bad72e9cba7e0aaa559596b1b36788c
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_powerpc.deb
    Size/MD5 checksum:   185202 194d3ad7064270d7ab155cfa94ffd7fb

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_s390.deb
    Size/MD5 checksum:   186256 b9f6c83e915fab6c290ca199e28f2d55
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_s390.deb
    Size/MD5 checksum:    20148 447d0b6dd101eb01ee72c1e38c48f098
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_s390.deb
    Size/MD5 checksum:   207724 c39055bc8c6a8de74d9de737d44f6f7a

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_sparc.deb
    Size/MD5 checksum:   206280 212fff0a4f257eae567e908e5fb6ee7e
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_sparc.deb
    Size/MD5 checksum:    19584 f6e80c15212e07cd031c2d7851f350fd
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_sparc.deb
    Size/MD5 checksum:   182586 2a81eb26be398d300e9a74a6cfd23484

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-3.dsc
    Size/MD5 checksum:      888 b969e265a1471426c7b3570e437a201e
  http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-3.diff.gz
    Size/MD5 checksum:    83543 0dbf05fc511cca922726f1e7f2af763d
  http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
    Size/MD5 checksum:  1106897 de886b22cddc8eaf620a421d3041ee0b

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_alpha.deb
    Size/MD5 checksum:   209240 a185de00bd04e9957a21a9cadf5fd74c
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_alpha.deb
    Size/MD5 checksum:    21038 625de9e5a33263fe3f5f11fab1c5fe8a
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_alpha.deb
    Size/MD5 checksum:   265202 1197b103cad5c42c316319013f8cdb79
  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_alpha.deb
    Size/MD5 checksum:    90728 3f0620da404f3646eb26e943342e5412

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_amd64.deb
    Size/MD5 checksum:   198458 b260423a6ca31c0b21b95d6fd27c7060
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_amd64.deb
    Size/MD5 checksum:    20148 060259ef86fd5a4b343df02ac7e120a3
  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_amd64.deb
    Size/MD5 checksum:    89872 89ace0cae39660c0f3642713bd02a6e4
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_amd64.deb
    Size/MD5 checksum:   249870 530568e698030731eb4c08c60abb1343

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_arm.deb
    Size/MD5 checksum:    19920 99ea14ce1a6c2972c5f1f2ecbb95f202
  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_arm.deb
    Size/MD5 checksum:    88864 2fd3ac5b6019856f9b268e2c26aa4f51
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_arm.deb
    Size/MD5 checksum:   198132 13a5814d2cf8a020353dce2a66fc9ed7
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_arm.deb
    Size/MD5 checksum:   243820 3e740955e7559e20cdeaa706ddaa8d17

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_hppa.deb
    Size/MD5 checksum:    92218 53568ec7bfe7bc0f95dd482b5f13a285
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_hppa.deb
    Size/MD5 checksum:   201718 8a28cf65d9bc2f937efab59759af6cc8
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_hppa.deb
    Size/MD5 checksum:   256046 fd479a2655b6a7732f68f8bc00321f07
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_hppa.deb
    Size/MD5 checksum:    20728 1604e931db96096ff7a5add991908ad1

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_i386.deb
    Size/MD5 checksum:    19338 a87924cc11bf4f53e5b00219ef3f8a8c
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_i386.deb
    Size/MD5 checksum:   196848 7efe08bf58a6570c3d832d1e842d5342
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_i386.deb
    Size/MD5 checksum:   246880 4ce72015615de07dbaf00be25a52491b
  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_i386.deb
    Size/MD5 checksum:    89772 2ade3a16f074800ef669ca4680a91cb1

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_ia64.deb
    Size/MD5 checksum:   230590 08a116a70d244c828492c30d2dbbb48e
  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_ia64.deb
    Size/MD5 checksum:    93758 914e2b8d0f3321f07c013f4345209db8
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_ia64.deb
    Size/MD5 checksum:    25656 4bb1c29f4404522b2755625308a20b13
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_ia64.deb
    Size/MD5 checksum:   280542 588310a23aad9f613c7830a2f0b563ef

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_mips.deb
    Size/MD5 checksum:    90442 f9e23ed9d433c0cb8be1af30c5d4b612
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_mips.deb
    Size/MD5 checksum:   253442 96c4033d2a2f739df24d6a024523d8a6
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_mips.deb
    Size/MD5 checksum:    20420 4a32411e6f2062a198db3bd3b4446394
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_mips.deb
    Size/MD5 checksum:   198318 72fc0f745b60d9db62e9d0455eb8fb3b

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_mipsel.deb
    Size/MD5 checksum:    90412 1b7cd1ed0d81fe4df0cae8d99def8480
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_mipsel.deb
    Size/MD5 checksum:    20448 64f1dfccabd44c59aa5a60fad6c9296f
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_mipsel.deb
    Size/MD5 checksum:   197500 d598271ce0c2decf2aa6d4078beb9b9d
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_mipsel.deb
    Size/MD5 checksum:   252310 9447ded9ce69a2122fe16749b9f5deeb

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_powerpc.deb
    Size/MD5 checksum:   252946 10d0bd9b0d18f05c36a7463a47c4c42a
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_powerpc.deb
    Size/MD5 checksum:   197584 f9150079915d856354f1d356dcc7b240
  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_powerpc.deb
    Size/MD5 checksum:    92048 7707c55edb19561761ae4829e49184a6
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_powerpc.deb
    Size/MD5 checksum:    21266 30e019d1c324c03be716bac909f26dfd

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_s390.deb
    Size/MD5 checksum:    90484 9016792309da7d08f03cdc4929260296
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_s390.deb
    Size/MD5 checksum:    20092 ec77abe71ed14b6129ddab73582beee8
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_s390.deb
    Size/MD5 checksum:   199916 beaac240ffda6fce20b4e002e5a1cdbe
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_s390.deb
    Size/MD5 checksum:   248354 bf79866794ae8ad26e6ac5a66d1ed20f

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_sparc.deb
    Size/MD5 checksum:    88690 a0104e54a7281ed10c7f9515f65b0063
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_sparc.deb
    Size/MD5 checksum:   247136 abaea6c7e812a4e4911c46bd8f34a05b
  http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_sparc.deb
    Size/MD5 checksum:   197550 57c76e81b4804a9c3d5f486e9359db9c
  http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_sparc.deb
    Size/MD5 checksum:    19416 5f94f1ce7796dbd46e2b4bdcdf433c82


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR7tUPr97/wQC1SS+AQLoaAf/V7g9PkZpmh6dBKFZ8TJa63E1ueWgWtvf
h/CuIn/fLAzHOjhA9yxBPMcnp4Puk4cM0wZFg/6fwSED3T1rHrWgFKMRa3uOH9Xk
uRUd7gclPYBo/qwA3DOBIhwfiQm4a6IkfddEnx+RT5XiL1Io392RazuYjQ4IMfOb
YH/5SkG43HlAsQELsIoZ1T7+7qRqVNBshsK3R9lSDVr3P9jXy7GaZSUqnCWlBi0b
KMsiuIOe6R5w8C/BVQt7D4DacCFmTksyJBDka9er6fM5NM8/Gho8GoRm99K8F/iP
mug76ehflHPSOdGhd5EPvPwQebBiyWjuGhX/SgZhgnNaDD/kTswCsA==
=BbAL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ