             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       | /_\   /    \___
                          \___  __|__  /     \      \___
             __________________________________________________________

                             INFORMATION BULLETIN

          Perl-Compatible Regular Expression (PCRE) Security Update
                         [Red Hat RHSA-2007:1052-4]

November 12, 2007 19:00 GMT                                       Number S-051
______________________________________________________________________________
PROBLEM:       Flaws were found in the way PCRE handles certain malformed
               regular expressions.

PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES, WS (v. 4)
               Red Hat Enterprise Linux Desktop (v. 5 client)

DAMAGE:        It may be possible to run arbitrary code as the user running
               the application.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. If an application linked against PCRE, such as
ASSESSMENT:    Konqueror, parses a malicious regular expression, it may be
               possible to run arbitrary code as the user running the
               application.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-051.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-1052.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7224
______________________________________________________________________________

[***** Start Red Hat RHSA-2007:1052-4 *****]

Critical: pcre security update

Advisory:          RHSA-2007:1052-4
Type:              Security Advisory
Severity:          Critical
Issued on:         2007-11-09
Last updated on:   2007-11-09
Affected Products: RHEL Desktop Workstation (v. 5 client)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 4)
OVAL:              com.redhat.rhsa-20071052.xml
CVEs (cve.mitre.org): CVE-2006-7224

Details

Updated pcre packages that correct security issues are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat
Security Response Team.

PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror, parses
a malicious regular expression, it may be possible to run arbitrary code as
the user running the application. (CVE-2006-7224)

Users of PCRE are advised to upgrade to these updated packages, which contain
a backported patch to correct these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------
IA-32:
pcre-devel-6.6-2.el5_1.1.i386.rpm      c53d0803d49bf739b59539eb5782f43f
x86_64:
pcre-devel-6.6-2.el5_1.1.i386.rpm      c53d0803d49bf739b59539eb5782f43f
pcre-devel-6.6-2.el5_1.1.x86_64.rpm    cc64b53c0d0b0d4fac6429baad17fba2

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm             49236e545db29026eea3109c3fdba5ae
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm      db9170f905d681c7b6a0ca283043da41
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm          1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm    cb6ac02502f662374d4de938aa2e19c4

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:
pcre-6.6-2.el5_1.1.src.rpm             230040f3f36e5664ce5a6671334f6ddb
IA-32:
pcre-6.6-2.el5_1.1.i386.rpm            0bedc083211d95e89d11fbbddc07e968
pcre-devel-6.6-2.el5_1.1.i386.rpm      c53d0803d49bf739b59539eb5782f43f
IA-64:
pcre-6.6-2.el5_1.1.ia64.rpm            b7ef7d4d91f0425011c348e81140a5f3
pcre-devel-6.6-2.el5_1.1.ia64.rpm      a424e60ea30261a2650124df2fe0b914
PPC:
pcre-6.6-2.el5_1.1.ppc.rpm             8f903834f10271879e1a08d87987cad1
pcre-6.6-2.el5_1.1.ppc64.rpm           cea8361d9d14c7fae8a57274ea02b33b
pcre-devel-6.6-2.el5_1.1.ppc.rpm       3423c3eb767d485eb26e6808b2204cf1
pcre-devel-6.6-2.el5_1.1.ppc64.rpm     d7b38446e64240c6d8e442552e9f5dbb
s390x:
pcre-6.6-2.el5_1.1.s390.rpm            b06798c560af2b94f7e7b6448cdeefac
pcre-6.6-2.el5_1.1.s390x.rpm           bf9ec28737e79e899638a08b74f3fbf5
pcre-devel-6.6-2.el5_1.1.s390.rpm      ca23b3b464e301f25229e9d5fd654909
pcre-devel-6.6-2.el5_1.1.s390x.rpm     bb72d6e9246bbe645dcb9eecef9d6fe6
x86_64:
pcre-6.6-2.el5_1.1.i386.rpm            0bedc083211d95e89d11fbbddc07e968
pcre-6.6-2.el5_1.1.x86_64.rpm          6ce8eee6c331ca63a39e0fe03c7fb985
pcre-devel-6.6-2.el5_1.1.i386.rpm      c53d0803d49bf739b59539eb5782f43f
pcre-devel-6.6-2.el5_1.1.x86_64.rpm    cc64b53c0d0b0d4fac6429baad17fba2

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm             49236e545db29026eea3109c3fdba5ae
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm      db9170f905d681c7b6a0ca283043da41
IA-64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.ia64.rpm            a9f0e8482a18d5c51a736ddb1c2344b5
pcre-devel-4.5-4.el4_5.4.ia64.rpm      2027d9e67ac017b59da16034cc89177c
PPC:
pcre-4.5-4.el4_5.4.ppc.rpm             f551684382e6beee3c585a13dd2bf652
pcre-4.5-4.el4_5.4.ppc64.rpm           ecb064a62fa97b7b29d73dde82e4f7f4
pcre-devel-4.5-4.el4_5.4.ppc.rpm       c24ca5e4617e57414335b82d77867906
s390:
pcre-4.5-4.el4_5.4.s390.rpm            06e9196587cd01b1ff6fb6dc10247f47
pcre-devel-4.5-4.el4_5.4.s390.rpm      ea0f4ca567fdddd5ef765ea13eefa98f
s390x:
pcre-4.5-4.el4_5.4.s390.rpm            06e9196587cd01b1ff6fb6dc10247f47
pcre-4.5-4.el4_5.4.s390x.rpm           0bc4bab9367aef27216d568059340d43
pcre-devel-4.5-4.el4_5.4.s390x.rpm     22218623a862c125c4be76ce819d9705
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm          1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm    cb6ac02502f662374d4de938aa2e19c4

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:
pcre-6.6-2.el5_1.1.src.rpm             230040f3f36e5664ce5a6671334f6ddb
IA-32:
pcre-6.6-2.el5_1.1.i386.rpm            0bedc083211d95e89d11fbbddc07e968
x86_64:
pcre-6.6-2.el5_1.1.i386.rpm            0bedc083211d95e89d11fbbddc07e968
pcre-6.6-2.el5_1.1.x86_64.rpm          6ce8eee6c331ca63a39e0fe03c7fb985

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm             49236e545db29026eea3109c3fdba5ae
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm      db9170f905d681c7b6a0ca283043da41
IA-64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.ia64.rpm            a9f0e8482a18d5c51a736ddb1c2344b5
pcre-devel-4.5-4.el4_5.4.ia64.rpm      2027d9e67ac017b59da16034cc89177c
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm          1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm    cb6ac02502f662374d4de938aa2e19c4

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
pcre-4.5-4.el4_5.4.src.rpm             49236e545db29026eea3109c3fdba5ae
IA-32:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-devel-4.5-4.el4_5.4.i386.rpm      db9170f905d681c7b6a0ca283043da41
IA-64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.ia64.rpm            a9f0e8482a18d5c51a736ddb1c2344b5
pcre-devel-4.5-4.el4_5.4.ia64.rpm      2027d9e67ac017b59da16034cc89177c
x86_64:
pcre-4.5-4.el4_5.4.i386.rpm            6c4d5d457bdcd8d9d03b1e825077f55e
pcre-4.5-4.el4_5.4.x86_64.rpm          1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm    cb6ac02502f662374d4de938aa2e19c4

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

373021 - CVE-2006-7224 pcre multiple integer overflows

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7224
http://www.redhat.com/security/updates/classification/#critical

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:1052-4 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report incidents.
Your agency's team will coordinate with CIAC. The Forum of Incident Response
and Security Teams (FIRST) is a world-wide organization. A list of FIRST
member organizations and their constituencies can be obtained via WWW at
http://www.first.org/.
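The SOLUTION line above says only "upgrade to the appropriate version". As an added example (not part of the CIAC bulletin or the Red Hat advisory), the POSIX shell script below turns that into two checks an administrator can run: whether the installed pcre package is already at or beyond the fixed build listed in the package table (pcre-4.5-4.el4_5.4 on RHEL 4, pcre-6.6-2.el5_1.1 on RHEL 5), and whether a package downloaded by hand matches the advisory's MD5 sum before its Red Hat GPG signature is checked with rpm --checksig. The script name pcre-check.sh, the function names, the simplified rpm version comparison and the choice to embed only the x86_64 sums are assumptions of this example; the version-release strings and MD5 values are copied from the advisory.

```shell
#!/bin/sh
# pcre-check.sh: added example for RHSA-2007:1052 (CVE-2006-7224), not Red Hat
# or CIAC code. Fixed version-release strings come from the advisory's
# package list.
FIXED_EL4="4.5-4.el4_5.4"   # pcre-4.5-4.el4_5.4 (Red Hat Enterprise Linux 4)
FIXED_EL5="6.6-2.el5_1.1"   # pcre-6.6-2.el5_1.1 (Red Hat Enterprise Linux 5)

# Split "6.6-2.el5_1.1" into "6 6 2 el 5 1 1": every separator and every
# letter/digit boundary starts a new segment.
_segments() {
    printf '%s\n' "$1" | sed -e 's/[^0-9A-Za-z]/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g'
}

# rpmver_ge A B: exit 0 when version-release A is at or beyond B.
# Assumption: a reduced form of rpm's rpmvercmp rules is enough for these
# package names. Numeric segments compare numerically, alphabetic ones
# lexically, a numeric segment outranks an alphabetic one, and the string with
# segments left over is newer. Epoch handling and tilde/caret rules are omitted.
rpmver_ge() {
    awk -v a="$(_segments "$1")" -v b="$(_segments "$2")" 'BEGIN {
        na = split(a, A, " "); nb = split(b, B, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
            if (x == y) continue
            if (x == "") exit 1                 # A ran out first: A is older
            if (y == "") exit 0                 # B ran out first: A is newer
            xn = (x ~ /^[0-9]+$/); yn = (y ~ /^[0-9]+$/)
            if (xn && yn) exit (x + 0 >= y + 0) ? 0 : 1
            if (xn != yn) exit xn ? 0 : 1       # numeric beats alphabetic
            exit (x >= y) ? 0 : 1
        }
        exit 0                                  # identical
    }'
}

# pcre_is_fixed VR: VR is the installed version-release as printed by
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' pcre
# Exit 0 when the fix is present, 1 when the build is older than the fixed
# one, 2 when it is not a RHEL 4/5 build and this advisory says nothing about it.
pcre_is_fixed() {
    case "$1" in
        *.el4*) rpmver_ge "$1" "$FIXED_EL4" ;;
        *.el5*) rpmver_ge "$1" "$FIXED_EL5" ;;
        *)      return 2 ;;
    esac
}

# x86_64 binary packages and their MD5 sums, copied from the advisory's table.
ADVISORY_MD5='
pcre-4.5-4.el4_5.4.x86_64.rpm        1c9d0bb0a1c176950e0469d92d48748a
pcre-devel-4.5-4.el4_5.4.x86_64.rpm  cb6ac02502f662374d4de938aa2e19c4
pcre-6.6-2.el5_1.1.x86_64.rpm        6ce8eee6c331ca63a39e0fe03c7fb985
pcre-devel-6.6-2.el5_1.1.x86_64.rpm  cc64b53c0d0b0d4fac6429baad17fba2
'

# advisory_md5 FILENAME: print the advisory's MD5 for that package, or nothing.
advisory_md5() {
    printf '%s\n' "$ADVISORY_MD5" | awk -v n="$1" '$1 == n { print $2 }'
}

# check_download FILE: the MD5 only guards against a corrupted or swapped
# download; the trust anchor is Red Hat's package signature, so the rpm
# signature check (which needs Red Hat's key imported into the rpm db) follows.
check_download() {
    name=$(basename "$1")
    want=$(advisory_md5 "$name")
    if [ -z "$want" ]; then
        echo "$name: not listed in RHSA-2007:1052" >&2; return 2
    fi
    have=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$have" != "$want" ]; then
        echo "$name: MD5 mismatch (got $have, advisory lists $want)" >&2; return 1
    fi
    rpm --checksig "$1"
}

# Usage: sh pcre-check.sh status             query the installed package
#        sh pcre-check.sh verify FILE.rpm    check a downloaded package
case "${1:-}" in
    status)
        vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' pcre) || exit 2
        pcre_is_fixed "$vr"; rc=$?
        case $rc in
            0) echo "pcre-$vr: contains the CVE-2006-7224 fix" ;;
            1) echo "pcre-$vr: VULNERABLE, need $FIXED_EL4 (RHEL 4) or $FIXED_EL5 (RHEL 5)" ;;
            *) echo "pcre-$vr: not a RHEL 4/5 build, not covered by this advisory" ;;
        esac
        exit $rc ;;
    verify) check_download "$2" ;;
esac
```

Two practical notes. First, a passing "status" only proves the package on disk is fixed: processes that already have the old libpcre mapped, Konqueror among them, keep running the vulnerable code until they are restarted, so after the update look for processes still holding a "(deleted)" libpcre mapping (for example with lsof) and restart them. Second, the comparison deliberately treats the whole version-release string as one sequence of segments; if you need exact rpm semantics on an unusual release tag, use rpm's own `--queryformat` comparison or rpmdev-vercmp rather than this approximation.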
This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-041: Wireshark Security Update
S-042: CoolKey Security and Bug Fix Update
S-043: OpenSSH Security and Bug Fix Update
S-044: Apple QuickTime 7.3 Security Update
S-045: OpenLDAP Security and Enhancement Update
S-046: TeTeX Security Update
S-047: Guidance EnCase Vulnerability
S-048: phpMyAdmin Vulnerability
S-049: Mozilla Firefox Vulnerability
S-050: Horde3 Vulnerabilities