exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-030

Mandriva Linux Security Advisory 2008-030
Posted Feb 1, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.

tags | advisory, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2005-4872, CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659
SHA-256 | 6438dccbbad93fb63c20daae54da39a23d83c331dd646da101db534c1d021466

Mandriva Linux Security Advisory 2008-030

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:030
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pcre
Date : January 31, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were discovered by Tavis Ormandy and
Will Drewry in the way that pcre handled certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it could lead to the execution
of arbitrary code as the user running the application.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
6af12132e0e932020ca394cdcf3d3a06 corporate/3.0/i586/libpcre0-4.5-3.4.C30mdk.i586.rpm
dd9afe15698e99b37f934783762e366d corporate/3.0/i586/libpcre0-devel-4.5-3.4.C30mdk.i586.rpm
278b07fa59e68bdc1a50a117c48d1d31 corporate/3.0/i586/pcre-4.5-3.4.C30mdk.i586.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
a891898c4b21b2088f02ca0f6b769cf0 corporate/3.0/x86_64/lib64pcre0-4.5-3.4.C30mdk.x86_64.rpm
4119de7999c3dc01965b3a285839262c corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.4.C30mdk.x86_64.rpm
060b66751095a700fe6cc121a423a6f1 corporate/3.0/x86_64/pcre-4.5-3.4.C30mdk.x86_64.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm

Multi Network Firewall 2.0:
234f4af314478d52e438785b3350f3d8 mnf/2.0/i586/libpcre0-4.5-3.4.M20mdk.i586.rpm
0bb7eab034f55e8d7704ef043646ea0a mnf/2.0/i586/libpcre0-devel-4.5-3.4.M20mdk.i586.rpm
8056c796cfe2fd4d51e25df9beb075da mnf/2.0/i586/pcre-4.5-3.4.M20mdk.i586.rpm
2d87fce9af8d81c91d86dc81c4fff97b mnf/2.0/SRPMS/pcre-4.5-3.4.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHomkzmqjQ0CJFipgRAjacAKDAL0SNJp1Q6+mDzeljVZuEVjvgfgCfV3GQ
J636Bfy0MTNt3vNvEtVwXaQ=
=oABM
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close