Ubuntu alert USN-547-1 (pcre3)
| From: | Kees Cook <kees@ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-547-1] PCRE vulnerabilities | |
| Date: | Mon, 26 Nov 2007 18:58:12 -0800 | |
| Message-ID: | <20071127025812.GQ8789@outflux.net> | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com |
=========================================================== Ubuntu Security Notice USN-547-1 November 27, 2007 pcre3 vulnerabilities CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.1 libpcrecpp0 7.4-0ubuntu0.6.06.1 Ubuntu 6.10: libpcre3 7.4-0ubuntu0.6.10.1 libpcrecpp0 7.4-0ubuntu0.6.10.1 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.1 libpcrecpp0 7.4-0ubuntu0.7.04.1 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.1 libpcrecpp0 7.4-0ubuntu0.7.10.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Due to the large internal code changes needed to solve outstanding flaws, it was not possible to backport all the upstream security fixes to the earlier released versions. To address this, the pcre3 library has been updated to the latest stable release (7.4), which includes fixes for all known security issues. While the new version is ABI compatible, efforts have been taken to maintain behavioral compatibility with the earlier versions. Details follow: Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 79804 404e9d3c5f0f13a5bac7fa99115ad1af http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 619 feb0f718df6ff5f42f1895bcbe6e6c16 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 774 d68b2ef645092b61be193deb856461a0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 254754 2c35de5f62db0cf07fcc4e4483b42657 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 198544 055a4358bcc65f14a2fddb08611dc0e0 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 90168 7aeacbfc73aba347bb511b7f2ebeee8c http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20352 d3ba33a855fd3a0d9895961060ab1735 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 246392 a7111664cb51a414274b41890a25b630 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 194018 33151d8814634d20f04c4de74d6dcb3d http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 88470 0111206d9aa5bbe0e835ee435ba10d3d http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 18962 2fed65e4956b2869abc8c9ebe13ad9f1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 258570 877b0f07892df6842ab89465e5dba187 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 199696 88816572a1f48b2ef8ed06f68b8e9a58 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 91244 f7a0b07960c7500b62460ea3be67c0bf http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 21374 57f2b2873049bec20bef050cde9c95d5 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 250178 bb538eda8d6d2c5e7ed9fa1b51758406 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 196584 55c303aa170dd4ed99b784358ff561f2 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 87906 e4058b0e057b0c53df801b72b9d4ed73 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 19578 0218527dd1c7b255c63e441314ccc543 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 80152 b83de951145b011f6b75b6d8245ddfa4 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 612 92ec1632360396bafc811a451b22902b http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 255118 c399294a293b8f331eab5f0c0e483e30 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 198426 3119610ea2b3f9959e05e116f2f91a52 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 90958 d2dbb7110d1ce0e25b645fe8a36e0050 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20378 d42439c81168ec115ae716be8da7de04 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 250882 1c54985f4186baaf1ad01508ab663d27 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 197528 e684e4dc19bad714f1bdf8f981588025 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 89840 67205ab0d2a704c8cd258bbef2ff2e80 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 19446 aa0b6b900a7c8492b69d7a80f225d0f7 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 257610 3b688ce661ccda74848f9c41a4471ea2 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 198242 2dac5f37646c7ff62ffc25131e4856ea http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 91980 0c57a6930cc2d50c22ab628af10a36f0 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 21508 be9eb52bcc5329ec904940f92e6c81df sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 252264 e26ebabb3058da2f267a0ccef529b6f4 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 198786 3fa031be365964d34fcd50c5d0dcdd84 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 88754 6a5bac9777fa5d70697c60f35d6dab3b http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20026 73d13963312cee1e0b3335a8bf71e160 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 80014 4044f7dfba605b537fef90b7a18539e6 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 696 d406e3d25e9ab03e01d53c793df000bc http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 255118 9516332360443e3a01614211be382b0e http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 198870 395b0a95be52882cf30893368eeb6909 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 91452 e5935ccd7c7ce3e9a4c1ce2001dc36b2 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20464 af243aaa50a5501cce0f200e8a0c7750 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 250856 bb7f5405cfc95892c399bc898b8c86c0 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 197928 3c68a3a2e4989c1d74fd85919de4bcc9 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 91100 6ae343ec05a9857b04f92aa724f843ad http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 19534 c0f4ffd9a29c6890122a70fb8267c6c0 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 257568 7896530f0615dd4c680d4d03f75ba576 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 201742 2f4a75504ff4d87b28576238a8958198 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 94300 60068d42904cdb54e6f6a5115592cf3b http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 22686 4100af5f9edaf66efe2727ff06bc51d8 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 252112 d059e10ad36241a1d5a9a508ec735fe0 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 199448 3c5b576388d7d2844bcc54c348a4101d http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 89960 abb894a69d08221a90056996187b49f8 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20404 3c4d38c9d2221f5b222c996e2d29102c Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 10689 6365e91923f762cb60c0f4f28b8d0460 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 696 b090e57fbe0322b2f41bcc71f948fd7f http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/pcre3... Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 255484 d898fba576450cd6ab06a7847fdb6649 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 205306 5b55120ebc3d99bcbe5a6f88ee18cbba http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 91228 c7c5be0cc3beb749681dbe8bfefc5dd6 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20420 f78aba0fafcd102df0514c7db36d77dc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 251024 e9c2c5baff1728f9935bf391dbee6dca http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 204256 a5e225e3278e383eabcaa2cec8713161 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 90914 0c99fd00bec685fa89f75cb852903b78 http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 19482 2032fe8a6dd6a02a4c2c5d9df052c52f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 257600 2eecf3225a0182b2895c5bd10de2df89 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 208024 e6ea026dd56cd613e13b5028fb49d998 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 94210 0ee006a42190a404c8d59b3cfd4fffec http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 22656 34ed68af2083e1516cf508c906504705 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 252250 d38d41d35e77b30acaa020deb3398c10 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 205744 b138bf8b4b4f3c89d9f903fbe52f8149 http://security.ubuntu.com/ubuntu/pool/main/p/pcre3/libpc... Size/MD5: 89800 2088854f7c82f267c8e4c40e481109cf http://security.ubuntu.com/ubuntu/pool/universe/p/pcre3/p... Size/MD5: 20364 c6453310b30d9847336b8c092c510138 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...