what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-147

Mandriva Linux Security Advisory 2008-147
Posted Jul 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-2371
SHA-256 | 90af6b4f2837c16c44dd246b1175a40dd0effece45f132077dde70f78db33eca

Mandriva Linux Security Advisory 2008-147

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:147
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pcre
Date : July 15, 2008
Affected: 2007.1, 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

Tavis Ormandy of the Google Security Team discovered a heap-based
buffer overflow when compiling certain regular expression patterns.
This could be used by a malicious attacker by sending a specially
crafted regular expression to an application using the PCRE library,
resulting in the possible execution of arbitrary code or a denial of
service (CVE-2008-2371).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
a3e3934cb41d04b4a15a3e50d884abbc 2007.1/i586/libpcre0-7.3-0.3mdv2007.1.i586.rpm
fca86a5adfb2c972f4adb2b99990f3a8 2007.1/i586/libpcre-devel-7.3-0.3mdv2007.1.i586.rpm
7d81a63b51aea4b3d3385ac5d03f9d69 2007.1/i586/pcre-7.3-0.3mdv2007.1.i586.rpm
c258d42150bf39a9f4175b9d17a336cd 2007.1/SRPMS/pcre-7.3-0.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
af61b2559878c624ec2c8f293e221fd8 2007.1/x86_64/lib64pcre0-7.3-0.3mdv2007.1.x86_64.rpm
8be415d8476a87a8994e84db6188395d 2007.1/x86_64/lib64pcre-devel-7.3-0.3mdv2007.1.x86_64.rpm
4d9fd3c6fbbda0e7e2c6bac3c865ec8d 2007.1/x86_64/pcre-7.3-0.3mdv2007.1.x86_64.rpm
c258d42150bf39a9f4175b9d17a336cd 2007.1/SRPMS/pcre-7.3-0.3mdv2007.1.src.rpm

Mandriva Linux 2008.0:
1c21e71318e14c7362eb673f3d4d4a7e 2008.0/i586/libpcre0-7.3-1.2mdv2008.0.i586.rpm
d36505e192f28cfd9f4242df50c0e1d1 2008.0/i586/libpcre-devel-7.3-1.2mdv2008.0.i586.rpm
9ae42fd97fa6dbb0834eae3fe80186fc 2008.0/i586/pcre-7.3-1.2mdv2008.0.i586.rpm
3aed84571823dcc78347c5578de8c3ab 2008.0/SRPMS/pcre-7.3-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
622f55bf529e5c2a657d871a7e1b45d6 2008.0/x86_64/lib64pcre0-7.3-1.2mdv2008.0.x86_64.rpm
115746711305143d1be0025478bfccfe 2008.0/x86_64/lib64pcre-devel-7.3-1.2mdv2008.0.x86_64.rpm
c5eced7185fa66c92753d0e54078fa3a 2008.0/x86_64/pcre-7.3-1.2mdv2008.0.x86_64.rpm
3aed84571823dcc78347c5578de8c3ab 2008.0/SRPMS/pcre-7.3-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
45e7f158494fe2f9cd2b3be3dc4f9c30 2008.1/i586/libpcre0-7.6-2.1mdv2008.1.i586.rpm
64a7ebd228c824f0eeabfc1de2f3af8f 2008.1/i586/libpcre-devel-7.6-2.1mdv2008.1.i586.rpm
0637ebeb63a52ff1c6675e6a185aed54 2008.1/i586/pcre-7.6-2.1mdv2008.1.i586.rpm
aa16262a74bf569d8184328334bb480c 2008.1/SRPMS/pcre-7.6-2.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
4180d16683a363b7d912bd9af780e4fc 2008.1/x86_64/lib64pcre0-7.6-2.1mdv2008.1.x86_64.rpm
5cc4e7a0297942f840c000d52b44e93a 2008.1/x86_64/lib64pcre-devel-7.6-2.1mdv2008.1.x86_64.rpm
70251c4bcaf5847c0c4ff6e534bc30cf 2008.1/x86_64/pcre-7.6-2.1mdv2008.1.x86_64.rpm
aa16262a74bf569d8184328334bb480c 2008.1/SRPMS/pcre-7.6-2.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIfXGJmqjQ0CJFipgRAs2wAKCXtpSXuT5R1ykcw2vssAlx4yqroACg50Cj
dkdyyca6+h6yUMN/1/J4f4Q=
=lc00
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close