Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-base web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
fa6aec9ce94db20975693f5f321e7d96c3c11fc033799147ddb53375db168dc4VMware Security Advisory - VMware has released updates for pcre, net-snmp, and OpenPegasus.
05d3cc52d406c326ff1eab9dc8daa8b27e7db3e09c7914fad3295665ea9f50daGentoo Linux Security Advisory GLSA 200802-10 - Python 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow. Versions less than 2.3.6-r4 are affected.
0cceec1e550e0f58c3a9e5aeb9e6f90f336ffd7038b99c7e94759627c6022e41VMware Security Advisory - This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
af87f71c42e6aa0e473a56dc13773e081ca262c64e1a2f396e37c8aeff184654Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.
6438dccbbad93fb63c20daae54da39a23d83c331dd646da101db534c1d021466Mandriva Linux Security Advisory - An integer overflow flaw was discovered in how python's pcre module handled certain regular expressions. If a python application using the pcre module were to compile and execute untrusted regular expressions, it could possibly lead to an application crash or the execution of arbitrary code with the privileges of the python interpreter. Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
768924f6a4c4dc0d8aa6d014cd64650fde1304e861e573e4128b3711365bab10Gentoo Linux Security Advisory GLSA 200711-30 - Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing \Q\E sequences with unmatched \E codes that can lead to the compiled bytecode being corrupted. PCRE does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow. Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode and when searching for unmatched brackets or parentheses. Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows. PCRE does not properly handle \P and \P{x} sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops, PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow. Versions less than 7.3-r1 are affected.
2cf13565c4553f4360f8a93a282b82bbdd945f46fb26b822c659e837a4d9ca2a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed