View Full Version : USN-581-1: PCRE vulnerability

February 22nd, 2008, 05:10 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-581-1 February 21, 2008 pcre3 vulnerability CVE-2008-0674 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.2 Ubuntu 6.10: libpcre3 7.4-0ubuntu0.6.10.2 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.2 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or possibly arbitrary code execution.

More... (http://www.ubuntu.com/usn/usn-581-1)