FrSIRT - Mandriva Security Update Fixes PCRE Code Execution and DoS Issues / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes PCRE Code Execution and DoS Issues

Title : Mandriva Security Update Fixes PCRE Code Execution and DoS Issues
Advisory ID : FrSIRT/ADV-2007-3807
CVE ID : CVE-2007-1659 - CVE-2007-1660 - CVE-2007-1661 - CVE-2007-1662 - CVE-2007-4766 - CVE-2007-4767 - CVE-2007-4768
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-09

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in various Mandriva products, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
e3eadb5dc3ae91ffc735a0021bb4c3b8 2007.1/i586/libpcre-devel-7.3-0.1mdv2007.1.i586.rpm
8eee92b33ed6f6be95cae33249242dfa 2007.1/i586/libpcre0-7.3-0.1mdv2007.1.i586.rpm
42e1ac0e8188b5f142e645c1ff6bb44d 2007.1/i586/pcre-7.3-0.1mdv2007.1.i586.rpm
a03dca7708aa437655a393b0fe66f3c0 2007.1/SRPMS/pcre-7.3-0.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
370f8de2c9166883cbbcb2968b0575ec 2007.1/x86_64/lib64pcre-devel-7.3-0.1mdv2007.1.x86_64.rpm
306b2a144a25e1025d4ed02f3878b9dc 2007.1/x86_64/lib64pcre0-7.3-0.1mdv2007.1.x86_64.rpm
29b00561151987446eaaa3f0aaac5684 2007.1/x86_64/pcre-7.3-0.1mdv2007.1.x86_64.rpm
a03dca7708aa437655a393b0fe66f3c0 2007.1/SRPMS/pcre-7.3-0.1mdv2007.1.src.rpm

Mandriva Linux 2007.0:
166533543e7c7f130755e08336355d97 2007.0/i586/libpcre0-6.7-1.1mdv2007.0.i586.rpm
3d3f5edda4e2159a591e8ef22739b13d 2007.0/i586/libpcre0-devel-6.7-1.1mdv2007.0.i586.rpm
2ad8c340a26577af98a6c7fa96c7b2d9 2007.0/i586/pcre-6.7-1.1mdv2007.0.i586.rpm
1fdb2c30cbd09d68c4d20e1f40bcba5c 2007.0/SRPMS/pcre-6.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1921703d5c8b1ff38d1fb7469732d8ad 2007.0/x86_64/lib64pcre0-6.7-1.1mdv2007.0.x86_64.rpm
dc0cf67b5645ca403122812762d2ca54 2007.0/x86_64/lib64pcre0-devel-6.7-1.1mdv2007.0.x86_64.rpm
75dbb4d4f6bd9085dfccbd5790ae0343 2007.0/x86_64/pcre-6.7-1.1mdv2007.0.x86_64.rpm
1fdb2c30cbd09d68c4d20e1f40bcba5c 2007.0/SRPMS/pcre-6.7-1.1mdv2007.0.src.rpm

Corporate 4.0:
ba12ba7238d88fec44fb702bcdbe4cb0 corporate/4.0/i586/libpcre0-6.7-0.1.20060mlcs4.i586.rpm
34a669bb27edf8b8bdcebeddc94ceb4d corporate/4.0/i586/libpcre0-devel-6.7-0.1.20060mlcs4.i586.rpm
0d3f9066239f33405b664316778cc200 corporate/4.0/i586/pcre-6.7-0.1.20060mlcs4.i586.rpm
ee7986f4e8a40f0aa2bb7b5fbd606075 corporate/4.0/SRPMS/pcre-6.7-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
088fd86d1ba855e862b9b440eacf02a9 corporate/4.0/x86_64/lib64pcre0-6.7-0.1.20060mlcs4.x86_64.rpm
3a5513aefbd36970a5d3bd424437d185 corporate/4.0/x86_64/lib64pcre0-devel-6.7-0.1.20060mlcs4.x86_64.rpm
89180e167111259d4e936d98307f7b99 corporate/4.0/x86_64/pcre-6.7-0.1.20060mlcs4.x86_64.rpm
ee7986f4e8a40f0aa2bb7b5fbd606075 corporate/4.0/SRPMS/pcre-6.7-0.1.20060mlcs4.src.rpm

Corporate 3.0:
57b739d648b3275ba324b5a750957ba9 corporate/3.0/i586/libpcre0-4.5-3.3.C30mdk.i586.rpm
da82fad320119b00efa6bb83b1810082 corporate/3.0/i586/libpcre0-devel-4.5-3.3.C30mdk.i586.rpm
8cb6df836593873e5fd7241aa1679074 corporate/3.0/i586/pcre-4.5-3.3.C30mdk.i586.rpm
322343a7725c11057867f7429756c0b3 corporate/3.0/SRPMS/pcre-4.5-3.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
fa619796fcc22c8382cf78eaaa148fe3 corporate/3.0/x86_64/lib64pcre0-4.5-3.3.C30mdk.x86_64.rpm
16ccef41fec0fdd8f689f0a12a972b95 corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.3.C30mdk.x86_64.rpm
a68e6022055db4b8a6a75e63be9a25ab corporate/3.0/x86_64/pcre-4.5-3.3.C30mdk.x86_64.rpm
322343a7725c11057867f7429756c0b3 corporate/3.0/SRPMS/pcre-4.5-3.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
0e82f7c01d7bc9638e1781c8414ef2af mnf/2.0/i586/libpcre0-4.5-3.3.M20mdk.i586.rpm
a48801a48260e2871060aa39e779d95c mnf/2.0/i586/libpcre0-devel-4.5-3.3.M20mdk.i586.rpm
701a739d0a561071cb0f9b1cf8bc3022 mnf/2.0/i586/pcre-4.5-3.3.M20mdk.i586.rpm
ed88dab837784cd2f9fae85ddae4c155 mnf/2.0/SRPMS/pcre-4.5-3.3.M20mdk.src.rpm

ChangeLog

2007-11-09 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Solaris System Management Agent Buffer Overflow Vulnerability
	Sun Update Fixes Mozilla Thunderbird Multiple Vulnerabilities
	Sun Java JDK and JRE Code Execution and Security Bypass Issues
	Sun Solaris DNS Protocol Remote Cache Poisoning Vulnerability
	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability
	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues