[<prev] [next>] [day] [month] [year] [list]
Message-ID: <871w784mxu.fsf@mid.deneb.enyo.de>
Date: Tue, 19 Feb 2008 23:10:37 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1499-1] New pcre3 packages fix
arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1499-1 security@...ian.org
http://www.debian.org/security/ Florian Weimer
February 19, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pcre3
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-0674
It was discovered that specially crafted regular expressions involving
codepoints greater than 255 could cause a buffer overflow in the PCRE
library (CVE-2008-0674).
For the stable distribution (etch), this problem has been fixed in
version 6.7+7.4-3.
For the old stable distribution (sarge), this problem has been fixed in
version 4.5+7.4-2.
For the unstable distribution, thi problem has been fixed in version
7.6-1.
We recommend that you upgrade your pcre3 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-2.diff.gz
Size/MD5 checksum: 99934 750cb82053d0d184e96b6f2256b07259
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-2.dsc
Size/MD5 checksum: 883 6d7166721448553dfe9672bdbb6c75c2
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4.orig.tar.gz
Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5+7.4-2_all.deb
Size/MD5 checksum: 764 f45e8c3460a8e966a1de6dd1f8499beb
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_alpha.deb
Size/MD5 checksum: 191228 b56575e6599f47fceeffbec81ae4badd
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_alpha.deb
Size/MD5 checksum: 218268 d4c05de57eafe47ffff9d07b84c99cd2
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_alpha.deb
Size/MD5 checksum: 21346 6cb3b9513b0acdc11b2b62524d0c996e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_amd64.deb
Size/MD5 checksum: 181858 eaf65286f24f2eda0c5c2b0cf59d2e93
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_amd64.deb
Size/MD5 checksum: 19814 abef692f2c4fd08c8564986bef855f57
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_amd64.deb
Size/MD5 checksum: 206374 23d917983de3d901cdbc021d707bb6fd
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_arm.deb
Size/MD5 checksum: 183712 6e6d063b597e869a4a214e5175cfc7b1
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_arm.deb
Size/MD5 checksum: 209636 164c9c155f8c2704cebfd8798bd8d754
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_arm.deb
Size/MD5 checksum: 19398 d0a3bf731aa86aa6edd0288bf5f2a3d7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_hppa.deb
Size/MD5 checksum: 208450 0b05321a818bfb34d17ff2baeaba6601
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_hppa.deb
Size/MD5 checksum: 21022 3ed44e57de9d68aeab7d4da4c40c2eac
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_hppa.deb
Size/MD5 checksum: 190888 671eb5283ff2527047d4b180ad6aee67
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_i386.deb
Size/MD5 checksum: 184086 5ad41047b80b2b9846c395e6f452b497
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_i386.deb
Size/MD5 checksum: 19024 ae71a5aa7677abddc6fbb5f1d69315be
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_i386.deb
Size/MD5 checksum: 206252 06a244ad5aed436a119db629b6f5a469
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_ia64.deb
Size/MD5 checksum: 228562 f1bc6cb07937b17adb7af5f9186cd7ed
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_ia64.deb
Size/MD5 checksum: 24750 c2340f5c62f546e6fa0bcdb2cbc9bd3e
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_ia64.deb
Size/MD5 checksum: 211280 1f181575a89a7ca5c2ff145818a08bfc
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_m68k.deb
Size/MD5 checksum: 17968 820d2eb5c5a93f48b05d5cc6368239a6
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_m68k.deb
Size/MD5 checksum: 172432 6d503aca84a4397c9c3e93462aace3d8
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_m68k.deb
Size/MD5 checksum: 194352 af6fa0385f2609982e32f007f4c0b168
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_mips.deb
Size/MD5 checksum: 20102 b354118e316867f1e2517b77a88b69d3
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_mips.deb
Size/MD5 checksum: 209014 43115bb2e5e08ff0f949faaa3f23d5c1
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_mips.deb
Size/MD5 checksum: 180848 edaf555cb5ab54f994a62d29c2732428
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_mipsel.deb
Size/MD5 checksum: 207736 582e76a99b716d86c42e375947466249
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_mipsel.deb
Size/MD5 checksum: 20232 694073304814795f7836178de03ec204
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_mipsel.deb
Size/MD5 checksum: 181164 abc55dadc11e27d4b2d88d306c01a7be
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_powerpc.deb
Size/MD5 checksum: 21242 1efd8bde4d3876547974c520e16ad30d
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_powerpc.deb
Size/MD5 checksum: 213520 3bad72e9cba7e0aaa559596b1b36788c
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_powerpc.deb
Size/MD5 checksum: 185202 194d3ad7064270d7ab155cfa94ffd7fb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_s390.deb
Size/MD5 checksum: 186256 b9f6c83e915fab6c290ca199e28f2d55
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_s390.deb
Size/MD5 checksum: 20148 447d0b6dd101eb01ee72c1e38c48f098
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_s390.deb
Size/MD5 checksum: 207724 c39055bc8c6a8de74d9de737d44f6f7a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_sparc.deb
Size/MD5 checksum: 206280 212fff0a4f257eae567e908e5fb6ee7e
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_sparc.deb
Size/MD5 checksum: 19584 f6e80c15212e07cd031c2d7851f350fd
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_sparc.deb
Size/MD5 checksum: 182586 2a81eb26be398d300e9a74a6cfd23484
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-3.dsc
Size/MD5 checksum: 888 b969e265a1471426c7b3570e437a201e
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-3.diff.gz
Size/MD5 checksum: 83543 0dbf05fc511cca922726f1e7f2af763d
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_alpha.deb
Size/MD5 checksum: 209240 a185de00bd04e9957a21a9cadf5fd74c
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_alpha.deb
Size/MD5 checksum: 21038 625de9e5a33263fe3f5f11fab1c5fe8a
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_alpha.deb
Size/MD5 checksum: 265202 1197b103cad5c42c316319013f8cdb79
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_alpha.deb
Size/MD5 checksum: 90728 3f0620da404f3646eb26e943342e5412
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_amd64.deb
Size/MD5 checksum: 198458 b260423a6ca31c0b21b95d6fd27c7060
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_amd64.deb
Size/MD5 checksum: 20148 060259ef86fd5a4b343df02ac7e120a3
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_amd64.deb
Size/MD5 checksum: 89872 89ace0cae39660c0f3642713bd02a6e4
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_amd64.deb
Size/MD5 checksum: 249870 530568e698030731eb4c08c60abb1343
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_arm.deb
Size/MD5 checksum: 19920 99ea14ce1a6c2972c5f1f2ecbb95f202
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_arm.deb
Size/MD5 checksum: 88864 2fd3ac5b6019856f9b268e2c26aa4f51
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_arm.deb
Size/MD5 checksum: 198132 13a5814d2cf8a020353dce2a66fc9ed7
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_arm.deb
Size/MD5 checksum: 243820 3e740955e7559e20cdeaa706ddaa8d17
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_hppa.deb
Size/MD5 checksum: 92218 53568ec7bfe7bc0f95dd482b5f13a285
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_hppa.deb
Size/MD5 checksum: 201718 8a28cf65d9bc2f937efab59759af6cc8
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_hppa.deb
Size/MD5 checksum: 256046 fd479a2655b6a7732f68f8bc00321f07
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_hppa.deb
Size/MD5 checksum: 20728 1604e931db96096ff7a5add991908ad1
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_i386.deb
Size/MD5 checksum: 19338 a87924cc11bf4f53e5b00219ef3f8a8c
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_i386.deb
Size/MD5 checksum: 196848 7efe08bf58a6570c3d832d1e842d5342
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_i386.deb
Size/MD5 checksum: 246880 4ce72015615de07dbaf00be25a52491b
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_i386.deb
Size/MD5 checksum: 89772 2ade3a16f074800ef669ca4680a91cb1
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_ia64.deb
Size/MD5 checksum: 230590 08a116a70d244c828492c30d2dbbb48e
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_ia64.deb
Size/MD5 checksum: 93758 914e2b8d0f3321f07c013f4345209db8
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_ia64.deb
Size/MD5 checksum: 25656 4bb1c29f4404522b2755625308a20b13
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_ia64.deb
Size/MD5 checksum: 280542 588310a23aad9f613c7830a2f0b563ef
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_mips.deb
Size/MD5 checksum: 90442 f9e23ed9d433c0cb8be1af30c5d4b612
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_mips.deb
Size/MD5 checksum: 253442 96c4033d2a2f739df24d6a024523d8a6
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_mips.deb
Size/MD5 checksum: 20420 4a32411e6f2062a198db3bd3b4446394
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_mips.deb
Size/MD5 checksum: 198318 72fc0f745b60d9db62e9d0455eb8fb3b
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_mipsel.deb
Size/MD5 checksum: 90412 1b7cd1ed0d81fe4df0cae8d99def8480
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_mipsel.deb
Size/MD5 checksum: 20448 64f1dfccabd44c59aa5a60fad6c9296f
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_mipsel.deb
Size/MD5 checksum: 197500 d598271ce0c2decf2aa6d4078beb9b9d
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_mipsel.deb
Size/MD5 checksum: 252310 9447ded9ce69a2122fe16749b9f5deeb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_powerpc.deb
Size/MD5 checksum: 252946 10d0bd9b0d18f05c36a7463a47c4c42a
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_powerpc.deb
Size/MD5 checksum: 197584 f9150079915d856354f1d356dcc7b240
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_powerpc.deb
Size/MD5 checksum: 92048 7707c55edb19561761ae4829e49184a6
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_powerpc.deb
Size/MD5 checksum: 21266 30e019d1c324c03be716bac909f26dfd
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_s390.deb
Size/MD5 checksum: 90484 9016792309da7d08f03cdc4929260296
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_s390.deb
Size/MD5 checksum: 20092 ec77abe71ed14b6129ddab73582beee8
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_s390.deb
Size/MD5 checksum: 199916 beaac240ffda6fce20b4e002e5a1cdbe
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_s390.deb
Size/MD5 checksum: 248354 bf79866794ae8ad26e6ac5a66d1ed20f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_sparc.deb
Size/MD5 checksum: 88690 a0104e54a7281ed10c7f9515f65b0063
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_sparc.deb
Size/MD5 checksum: 247136 abaea6c7e812a4e4911c46bd8f34a05b
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_sparc.deb
Size/MD5 checksum: 197550 57c76e81b4804a9c3d5f486e9359db9c
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_sparc.deb
Size/MD5 checksum: 19416 5f94f1ce7796dbd46e2b4bdcdf433c82
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBR7tUPr97/wQC1SS+AQLoaAf/V7g9PkZpmh6dBKFZ8TJa63E1ueWgWtvf
h/CuIn/fLAzHOjhA9yxBPMcnp4Puk4cM0wZFg/6fwSED3T1rHrWgFKMRa3uOH9Xk
uRUd7gclPYBo/qwA3DOBIhwfiQm4a6IkfddEnx+RT5XiL1Io392RazuYjQ4IMfOb
YH/5SkG43HlAsQELsIoZ1T7+7qRqVNBshsK3R9lSDVr3P9jXy7GaZSUqnCWlBi0b
KMsiuIOe6R5w8C/BVQt7D4DacCFmTksyJBDka9er6fM5NM8/Gho8GoRm99K8F/iP
mug76ehflHPSOdGhd5EPvPwQebBiyWjuGhX/SgZhgnNaDD/kTswCsA==
=BbAL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists