-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:030 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pcre Date : January 31, 2008 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659 _______________________________________________________________________ Updated Packages: Corporate 3.0: 6af12132e0e932020ca394cdcf3d3a06 corporate/3.0/i586/libpcre0-4.5-3.4.C30mdk.i586.rpm dd9afe15698e99b37f934783762e366d corporate/3.0/i586/libpcre0-devel-4.5-3.4.C30mdk.i586.rpm 278b07fa59e68bdc1a50a117c48d1d31 corporate/3.0/i586/pcre-4.5-3.4.C30mdk.i586.rpm c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm Corporate 3.0/X86_64: a891898c4b21b2088f02ca0f6b769cf0 corporate/3.0/x86_64/lib64pcre0-4.5-3.4.C30mdk.x86_64.rpm 4119de7999c3dc01965b3a285839262c corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.4.C30mdk.x86_64.rpm 060b66751095a700fe6cc121a423a6f1 corporate/3.0/x86_64/pcre-4.5-3.4.C30mdk.x86_64.rpm c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm Multi Network Firewall 2.0: 234f4af314478d52e438785b3350f3d8 mnf/2.0/i586/libpcre0-4.5-3.4.M20mdk.i586.rpm 0bb7eab034f55e8d7704ef043646ea0a mnf/2.0/i586/libpcre0-devel-4.5-3.4.M20mdk.i586.rpm 8056c796cfe2fd4d51e25df9beb075da mnf/2.0/i586/pcre-4.5-3.4.M20mdk.i586.rpm 2d87fce9af8d81c91d86dc81c4fff97b mnf/2.0/SRPMS/pcre-4.5-3.4.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHomkzmqjQ0CJFipgRAjacAKDAL0SNJp1Q6+mDzeljVZuEVjvgfgCfV3GQ J636Bfy0MTNt3vNvEtVwXaQ= =oABM -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/