FrSIRT - Mandriva Security Update Fixes PCRE Code Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes PCRE Code Execution Vulnerabilities

Title : Mandriva Security Update Fixes PCRE Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-0378
CVE ID : CVE-2005-4872 - CVE-2006-7225 - CVE-2006-7226 - CVE-2006-7227 - CVE-2006-7228 - CVE-2006-7230 - CVE-2007-1659
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-02-01

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected packages :

Corporate 3.0:
6af12132e0e932020ca394cdcf3d3a06 corporate/3.0/i586/libpcre0-4.5-3.4.C30mdk.i586.rpm
dd9afe15698e99b37f934783762e366d corporate/3.0/i586/libpcre0-devel-4.5-3.4.C30mdk.i586.rpm
278b07fa59e68bdc1a50a117c48d1d31 corporate/3.0/i586/pcre-4.5-3.4.C30mdk.i586.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
a891898c4b21b2088f02ca0f6b769cf0 corporate/3.0/x86_64/lib64pcre0-4.5-3.4.C30mdk.x86_64.rpm
4119de7999c3dc01965b3a285839262c corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.4.C30mdk.x86_64.rpm
060b66751095a700fe6cc121a423a6f1 corporate/3.0/x86_64/pcre-4.5-3.4.C30mdk.x86_64.rpm
c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm
Multi Network Firewall 2.0:
234f4af314478d52e438785b3350f3d8 mnf/2.0/i586/libpcre0-4.5-3.4.M20mdk.i586.rpm
0bb7eab034f55e8d7704ef043646ea0a mnf/2.0/i586/libpcre0-devel-4.5-3.4.M20mdk.i586.rpm
8056c796cfe2fd4d51e25df9beb075da mnf/2.0/i586/pcre-4.5-3.4.M20mdk.i586.rpm
2d87fce9af8d81c91d86dc81c4fff97b mnf/2.0/SRPMS/pcre-4.5-3.4.M20mdk.src.rpm

ChangeLog

2008-02-01 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities
	Apple QuickTime Multiple Remote Code Execution Vulnerabilities
	Apple iTunes Driver Integer Overflow Privilege Escalation Vulnerability
	Apple iPod touch Code Execution and Security Bypass Vulnerabilities
	Apple Bonjour for Windows DNS Spoofing and DoS Vulnerabilities

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)