FrSIRT - Mandriva Security Update Fixes PCRE Code Execution and DoS Issues / Exploit

French Security Incident Response Team

Français

English

Mandriva Security Update Fixes PCRE Code Execution and DoS Issues

Date de Publication : 2007-11-09 © FrSIRT.COM
Titre : Mandriva Security Update Fixes PCRE Code Execution and DoS Issues
Identifiant : FrSIRT/AVIS-2007-3807
CVE ID : CVE-2007-1659 - CVE-2007-1660 - CVE-2007-1661 - CVE-2007-1662 - CVE-2007-4766 - CVE-2007-4767 - CVE-2007-4768
Risque : Modéré (2/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Plusieurs vulnérabilités ont été identifiées dans différents produits Mandriva, elles pourraient être exploitées par des attaquants afin de causer un déni de service ou compromettre un système vulnérable [...]

Solution

Installer les mises à jour :

Mandriva Linux 2007.1:
e3eadb5dc3ae91ffc735a0021bb4c3b8 2007.1/i586/libpcre-devel-7.3-0.1mdv2007.1.i586.rpm
8eee92b33ed6f6be95cae33249242dfa 2007.1/i586/libpcre0-7.3-0.1mdv2007.1.i586.rpm
42e1ac0e8188b5f142e645c1ff6bb44d 2007.1/i586/pcre-7.3-0.1mdv2007.1.i586.rpm
a03dca7708aa437655a393b0fe66f3c0 2007.1/SRPMS/pcre-7.3-0.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
370f8de2c9166883cbbcb2968b0575ec 2007.1/x86_64/lib64pcre-devel-7.3-0.1mdv2007.1.x86_64.rpm
306b2a144a25e1025d4ed02f3878b9dc 2007.1/x86_64/lib64pcre0-7.3-0.1mdv2007.1.x86_64.rpm
29b00561151987446eaaa3f0aaac5684 2007.1/x86_64/pcre-7.3-0.1mdv2007.1.x86_64.rpm
a03dca7708aa437655a393b0fe66f3c0 2007.1/SRPMS/pcre-7.3-0.1mdv2007.1.src.rpm

Mandriva Linux 2007.0:
166533543e7c7f130755e08336355d97 2007.0/i586/libpcre0-6.7-1.1mdv2007.0.i586.rpm
3d3f5edda4e2159a591e8ef22739b13d 2007.0/i586/libpcre0-devel-6.7-1.1mdv2007.0.i586.rpm
2ad8c340a26577af98a6c7fa96c7b2d9 2007.0/i586/pcre-6.7-1.1mdv2007.0.i586.rpm
1fdb2c30cbd09d68c4d20e1f40bcba5c 2007.0/SRPMS/pcre-6.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1921703d5c8b1ff38d1fb7469732d8ad 2007.0/x86_64/lib64pcre0-6.7-1.1mdv2007.0.x86_64.rpm
dc0cf67b5645ca403122812762d2ca54 2007.0/x86_64/lib64pcre0-devel-6.7-1.1mdv2007.0.x86_64.rpm
75dbb4d4f6bd9085dfccbd5790ae0343 2007.0/x86_64/pcre-6.7-1.1mdv2007.0.x86_64.rpm
1fdb2c30cbd09d68c4d20e1f40bcba5c 2007.0/SRPMS/pcre-6.7-1.1mdv2007.0.src.rpm

Corporate 4.0:
ba12ba7238d88fec44fb702bcdbe4cb0 corporate/4.0/i586/libpcre0-6.7-0.1.20060mlcs4.i586.rpm
34a669bb27edf8b8bdcebeddc94ceb4d corporate/4.0/i586/libpcre0-devel-6.7-0.1.20060mlcs4.i586.rpm
0d3f9066239f33405b664316778cc200 corporate/4.0/i586/pcre-6.7-0.1.20060mlcs4.i586.rpm
ee7986f4e8a40f0aa2bb7b5fbd606075 corporate/4.0/SRPMS/pcre-6.7-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
088fd86d1ba855e862b9b440eacf02a9 corporate/4.0/x86_64/lib64pcre0-6.7-0.1.20060mlcs4.x86_64.rpm
3a5513aefbd36970a5d3bd424437d185 corporate/4.0/x86_64/lib64pcre0-devel-6.7-0.1.20060mlcs4.x86_64.rpm
89180e167111259d4e936d98307f7b99 corporate/4.0/x86_64/pcre-6.7-0.1.20060mlcs4.x86_64.rpm
ee7986f4e8a40f0aa2bb7b5fbd606075 corporate/4.0/SRPMS/pcre-6.7-0.1.20060mlcs4.src.rpm

Corporate 3.0:
57b739d648b3275ba324b5a750957ba9 corporate/3.0/i586/libpcre0-4.5-3.3.C30mdk.i586.rpm
da82fad320119b00efa6bb83b1810082 corporate/3.0/i586/libpcre0-devel-4.5-3.3.C30mdk.i586.rpm
8cb6df836593873e5fd7241aa1679074 corporate/3.0/i586/pcre-4.5-3.3.C30mdk.i586.rpm
322343a7725c11057867f7429756c0b3 corporate/3.0/SRPMS/pcre-4.5-3.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
fa619796fcc22c8382cf78eaaa148fe3 corporate/3.0/x86_64/lib64pcre0-4.5-3.3.C30mdk.x86_64.rpm
16ccef41fec0fdd8f689f0a12a972b95 corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.3.C30mdk.x86_64.rpm
a68e6022055db4b8a6a75e63be9a25ab corporate/3.0/x86_64/pcre-4.5-3.3.C30mdk.x86_64.rpm
322343a7725c11057867f7429756c0b3 corporate/3.0/SRPMS/pcre-4.5-3.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
0e82f7c01d7bc9638e1781c8414ef2af mnf/2.0/i586/libpcre0-4.5-3.3.M20mdk.i586.rpm
a48801a48260e2871060aa39e779d95c mnf/2.0/i586/libpcre0-devel-4.5-3.3.M20mdk.i586.rpm
701a739d0a561071cb0f9b1cf8bc3022 mnf/2.0/i586/pcre-4.5-3.3.M20mdk.i586.rpm
ed88dab837784cd2f9fae85ddae4c155 mnf/2.0/SRPMS/pcre-4.5-3.3.M20mdk.src.rpm

Historique

2007-11-09 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Sun Solaris Covert Channel Local Security Bypass Vulnerability
	Sun Solaris NFS RPC Zone Denial of Service Vulnerability
	Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability
	Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability
	Sun Java System Portal Server Cross Site Scripting Vulnerability
	Sun rdesktop Code Execution and Denial of Service
	Sun Java System Web Proxy Server Denial of Service Vulnerability

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution Vulnerabilities
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues