Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution

From Florian Weimer@1:229/2 to All on Sat Jul 5 14:50:14 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1602-1 [email protected] http://www.debian.org/security/ Florian Weimer
July 05, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : pcre3
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2371

Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular
Expression library, may encounter a heap overflow condition when
compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.

For the stable distribution (etch), this problem has been fixed in
version 6.7+7.4-4.

For the unstable distribution (sid), this problem has been fixed soon.

We recommend that you upgrade your pcre3 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc
Size/MD5 checksum: 888 9ef88cd7ab592b3799211018f8d20f63
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz
Size/MD5 checksum: 83574 2d9686b5b3a5480aa528bd89cdea12a6
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
Size/MD5 checksum: 1106897 de886b22cddc8eaf620a421d3041ee0b

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 21038 72545720bee988d70381cf56ac08ab3e
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 91302 039876d52014e88686119445734f6ec7
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 264154 19f60bc08e3f2a5d8ca305851f44ef55
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb
Size/MD5 checksum: 209168 f19f07f81f4b9259c7b061faf7d9fc7c

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 89984 c92634b92f00d7f41991d58d3ad690bc
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 198552 2760ab9ccf2cdf8b7fec89e4068feba7
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 250032 68f3c4360bc41358bb97f546bcb0e3ce
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb
Size/MD5 checksum: 20150 9bed90914b31ea7f11810c3b99d5b5c6

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb
Size/MD5 checksum: 88966 41f8ee2780754174274009055c952079
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb
Size/MD5 checksum: 19920 f10b8d7a5c6366136813af67d0a8b7ff
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb
Size/MD5 checksum: 243970 8becd101006adf3dfca88607c07d3086
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb
Size/MD5 checksum: 198322 b2c55ac5d7a2be62c5b5e8cb6d0c48f2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 92266 b9236279f24acead3acfed524d87d1bd
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 255722 f0a3084a3683ece8f0c10ffd937ef252
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 202446 5e552d19b502810cf640eb8c11776736
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb
Size/MD5 checksum: 20726 aa317ebe8c30e18966b3786acc1398b9

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb
Size/MD5 checksum: 89862 60a49383c76120d08e4d300564b659db
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb
Size/MD5 checksum: 246934 b20ff56ba4289860f1d09a75abfa3505
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb
Size/MD5 checksum: 19348 dcded2ff2a56d461e522ac11647ab4f2
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb
Size/MD5 checksum: 196894 30a9803ec2c737702228c88b121d1544

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 230688 264ad5d5665e602b2f692b899fd0a5e9
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 25658 538af9aabca0427844e955f028c050e4
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 280674 e4d8e19abeed7202102e94597c4798e8
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb
Size/MD5 checksum: 93858 c6cf88e6acf726bd4179658e0f2bbe9e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb
Size/MD5 checksum: 198430 ac574108ba4f6ae4b70179b7d6b5d7c9
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb
Size/MD5 checksum: 253526 77b402e25c797abf1f7557e106326667
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb
Size/MD5 checksum: 90538 e1671c5b76cca0256a8d41b8f9e419e3
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb
Size/MD5 checksum: 20424 766ce624fa24e42d04b53511e1cbed21

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	146:01:10
Calls:	12,089
Calls today:	2
Files:	15,000
Messages:	6,517,500

[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution

Who's Online

Recent Visitors

System Info