Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59646
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-547-1 (pcre3)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to pcre3
announced via advisory USN-547-1.

CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libpcre3 7.4-0ubuntu0.6.06.1
libpcrecpp0 7.4-0ubuntu0.6.06.1

Ubuntu 6.10:
libpcre3 7.4-0ubuntu0.6.10.1
libpcrecpp0 7.4-0ubuntu0.6.10.1

Ubuntu 7.04:
libpcre3 7.4-0ubuntu0.7.04.1
libpcrecpp0 7.4-0ubuntu0.7.04.1

Ubuntu 7.10:
libpcre3 7.4-0ubuntu0.7.10.1
libpcrecpp0 7.4-0ubuntu0.7.10.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Due to the large internal code changes needed to solve outstanding flaws,
it was not possible to backport all the upstream security fixes to the
earlier released versions. To address this, the pcre3 library has been
updated to the latest stable release (7.4), which includes fixes for
all known security issues. While the new version is ABI compatible,
efforts have been taken to maintain behavioral compatibility with the
earlier versions.

Details follow:

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular
expression handling of PCRE. By tricking a user or service into running
specially crafted expressions via applications linked against libpcre3,
a remote attacker could crash the application, monopolize CPU resources,
or possibly execute arbitrary code with the application's privileges.





Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=USN-547-1

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1659
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26346
http://www.securityfocus.com/bid/26346
Bugtraq: 20071106 rPSA-2007-0231-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/483357/100/0/threaded
Bugtraq: 20071112 FLEA-2007-0064-1 pcre (Google Search)
http://www.securityfocus.com/archive/1/483579/100/0/threaded
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Debian Security Information: DSA-1399 (Google Search)
http://www.debian.org/security/2007/dsa-1399
Debian Security Information: DSA-1570 (Google Search)
http://www.debian.org/security/2008/dsa-1570
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00181.html
http://security.gentoo.org/glsa/glsa-200711-30.xml
http://security.gentoo.org/glsa/glsa-200801-02.xml
http://security.gentoo.org/glsa/glsa-200801-18.xml
http://security.gentoo.org/glsa/glsa-200801-19.xml
http://security.gentoo.org/glsa/glsa-200805-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:211
http://www.mandriva.com/security/advisories?name=MDKSA-2007:212
http://www.mandriva.com/security/advisories?name=MDVSA-2008:030
http://bugs.gentoo.org/show_bug.cgi?id=198976
http://mail.gnome.org/archives/gtk-devel-list/2007-November/msg00022.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9725
http://www.redhat.com/support/errata/RHSA-2007-0967.html
http://www.redhat.com/support/errata/RHSA-2007-1068.html
http://securitytracker.com/id?1018895
http://secunia.com/advisories/27538
http://secunia.com/advisories/27543
http://secunia.com/advisories/27547
http://secunia.com/advisories/27554
http://secunia.com/advisories/27598
http://secunia.com/advisories/27697
http://secunia.com/advisories/27741
http://secunia.com/advisories/27773
http://secunia.com/advisories/27965
http://secunia.com/advisories/28041
http://secunia.com/advisories/28136
http://secunia.com/advisories/28406
http://secunia.com/advisories/28414
http://secunia.com/advisories/28658
http://secunia.com/advisories/28714
http://secunia.com/advisories/28720
http://secunia.com/advisories/29267
http://secunia.com/advisories/29420
http://secunia.com/advisories/30106
http://secunia.com/advisories/30155
http://secunia.com/advisories/30219
SuSE Security Announcement: SUSE-SA:2007:062 (Google Search)
http://www.novell.com/linux/security/advisories/2007_62_pcre.html
SuSE Security Announcement: SUSE-SA:2008:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
SuSE Security Announcement: SUSE-SR:2007:025 (Google Search)
http://www.novell.com/linux/security/advisories/2007_25_sr.html
https://usn.ubuntu.com/547-1/
http://www.vupen.com/english/advisories/2007/3725
http://www.vupen.com/english/advisories/2007/3790
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: pcre-regex-code-execution(38272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38272
Common Vulnerability Exposure (CVE) ID: CVE-2007-1660
Bugtraq: 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus (Google Search)
http://www.securityfocus.com/archive/1/490917/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2007:213
http://lists.vmware.com/pipermail/security-announce/2008/000014.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10562
http://www.redhat.com/support/errata/RHSA-2007-0968.html
http://www.redhat.com/support/errata/RHSA-2007-1063.html
http://www.redhat.com/support/errata/RHSA-2007-1065.html
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://secunia.com/advisories/27776
http://secunia.com/advisories/27862
http://secunia.com/advisories/29785
http://secunia.com/advisories/31124
http://www.vupen.com/english/advisories/2008/1234/references
XForce ISS Database: pcre-character-class-dos(38273)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38273
Common Vulnerability Exposure (CVE) ID: CVE-2007-1661
XForce ISS Database: pcre-nonutf8-dos(38274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38274
Common Vulnerability Exposure (CVE) ID: CVE-2007-1662
XForce ISS Database: pcre-unmatched-dos(38275)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38275
Common Vulnerability Exposure (CVE) ID: CVE-2007-4766
XForce ISS Database: pcre-escape-sequence-overflow(38276)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38276
Common Vulnerability Exposure (CVE) ID: CVE-2007-4767
XForce ISS Database: pcre-p-sequence-bo(38277)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38277
Common Vulnerability Exposure (CVE) ID: CVE-2007-4768
Cert/CC Advisory: TA07-355A
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9701
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/30507
http://secunia.com/advisories/30840
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
SuSE Security Announcement: SUSE-SA:2007:069 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1724/references
http://www.vupen.com/english/advisories/2008/1966/references
XForce ISS Database: pcre-class-unicode-bo(38278)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38278
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.