Debian-Sicherheitsankündigung

DSA-800-1 pcre3 -- Integer-Überlauf

Datum des Berichts:

02. Sep 2005

Betroffene Pakete:

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In der Debian-Fehlerdatenbank: Fehler 324531.
In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 14620.
In Mitres CVE-Verzeichnis: CVE-2005-2491.

Weitere Informationen:

Ein Integer-Überlauf mit nachfolgendem Pufferüberlauf wurde in PCRE entdeckt, der »Perl Compatible Regular Expressions«-Bibliothek, der einem Angreifer das Ausführen von beliebigem Code ermöglicht.

Da mehrere Pakete dynamisch gegen diese Bibliothek gelinkt sind, empfehlen wir Ihnen, die entsprechenden Dienste oder Programme neu zu starten. Der Befehl »apt-cache showpkg libpcre3« zeigt die entsprechenden Pakete in dem Abschnitt »Reverse Depends:« an.

Für die alte Stable-Distribution (Woody) wurde dieses Problem in Version 3.4-1.1woody1 behoben.

Für die Stable-Distribution (Sarge) wurde dieses Problem in Version 4.5-1.2sarge1 behoben.

Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 6.3-1 behoben.

Wir empfehlen Ihnen, Ihr libpcre3-Paket zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:: http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4-1.1woody1.dsc; http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4-1.1woody1.diff.gz; http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_alpha.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_alpha.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_arm.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_arm.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_i386.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_i386.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_ia64.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_ia64.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_hppa.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_hppa.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_m68k.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_m68k.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_mips.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_mips.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_s390.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_s390.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_sparc.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_sparc.deb; http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Quellcode:: http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5-1.2sarge1.dsc; http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5-1.2sarge1.diff.gz; http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5.orig.tar.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5-1.2sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.