Vulnerabilities > CVE-2005-2491 - Unspecified vulnerability in Pcre 5.0/6.0/6.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
pcre
nessus

Summary

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Pcre
3

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12013.NASL
    descriptionPython contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)
    last seen2020-06-01
    modified2020-06-02
    plugin id41173
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41173
    titleSuSE9 Security Update : Python (YOU Patch Number 12013)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41173);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2005-2491", "CVE-2006-7228");
    
      script_name(english:"SuSE9 Security Update : Python (YOU Patch Number 12013)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Python contains a copy of the pcre library. Specially crafted regular
    expressions could lead to a buffer overflow in the pcre library.
    Applications using pcre to process regular expressions from untrusted
    sources could therefore potentially be exploited by attackers to
    execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2005-2491/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-7228.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12013.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"python-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-curses-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-demo-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-devel-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-doc-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-doc-pdf-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-gdbm-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-idle-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-mpz-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-tk-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-xml-2.3.3-88.18")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"python-32bit-9-200712110030")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_049.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5). This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications. - A integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491)
    last seen2019-10-28
    modified2005-10-05
    plugin id19928
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19928
    titleSUSE-SA:2005:049: php4, php5
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:049
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(19928);
     script_version ("1.8");
     
     name["english"] = "SUSE-SA:2005:049: php4, php5";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5).
    
    
    This update fixes the following security issues in the PHP scripting
    language.
    
    - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass
    arbitrary PHP code to the eval() function (CVE-2005-1921,
    CVE-2005-2498).
    
    The Pear::XML_RPC library is not used by default in SUSE Linux, but
    might be used by third-party PHP applications.
    
    - A integer overflow bug was found in the PCRE (perl compatible regular
    expression) library which could be used by an attacker to potentially
    execute code. (CVE-2005-2491)" );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_49_php.html" );
     script_set_attribute(attribute:"risk_factor", value:"High" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/10/05");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the php4, php5 package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"apache2-mod_php4-4.3.3-194", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-4.3.3-194", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-194", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-core-4.3.3-194", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-devel-4.3.3-194", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.3-194", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-core-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-imap-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-mysql-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-recode-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-servlet-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-wddx-4.3.4-43.41", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.12", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-devel-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-exif-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-pear-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-session-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-devel-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-exif-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-pear-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.9", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34123.NASL
    descriptions700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
    last seen2020-06-01
    modified2020-06-02
    plugin id21107
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21107
    titleHP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-154.NASL
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The python packages use a private copy of pcre code. The updated packages have been patched to correct this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id19910
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19910
    titleMandrake Linux Security Advisory : python (MDKSA-2005:154)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-173-1.NASL
    descriptionA buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20580
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20580
    titleUbuntu 4.10 / 5.04 : pcre3 vulnerability (USN-173-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-173-2.NASL
    descriptionUSN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was determined that this did not suffice to prevent all possible overflows, so another update is necessary. In addition, it was found that the Ubuntu 4.10 version of Apache 2 contains a static copy of the library code, so this package needs to be updated as well. In Ubuntu 5.04, Apache 2 uses the external library from the libpcre3 package. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20581
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20581
    titleUbuntu 4.10 / 5.04 : pcre3, apache2 vulnerabilities (USN-173-2)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B971D2A6167011DA978E0001020EED82.NASL
    descriptionThe pcre library is vulnerable to a buffer overflow vulnerability due to insufficient validation of quantifier values. This could lead execution of arbitrary code with the permissions of the program using pcre by way of a specially crated regular expression.
    last seen2020-06-01
    modified2020-06-02
    plugin id21502
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21502
    titleFreeBSD : pcre -- regular expression buffer overflow (b971d2a6-1670-11da-978e-0001020eed82)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2005-251-04.NASL
    descriptionA new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id19863
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19863
    titleSlackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200509-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200509-12 (Apache, mod_ssl: Multiple vulnerabilities) mod_ssl contains a security issue when
    last seen2020-06-01
    modified2020-06-02
    plugin id19811
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19811
    titleGLSA-200509-12 : Apache, mod_ssl: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0197.NASL
    descriptionUpdated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was found in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id21042
    published2006-03-10
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21042
    titleRHEL 2.1 / 3 / 4 : python (RHSA-2006:0197)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_051.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:051 (php4,php5). This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications. - An integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491) Please note:
    last seen2019-10-28
    modified2005-10-05
    plugin id19930
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19930
    titleSUSE-SA:2005:051: php4,php5
  • NASL familyCGI abuses
    NASL idPHP_4_4_1.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is older than 4.4.1 or 5.0.6. Such versions fail to protect the
    last seen2020-06-01
    modified2020-06-02
    plugin id20111
    published2005-11-01
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20111
    titlePHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-152.NASL
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The php packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id19908
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19908
    titleMandrake Linux Security Advisory : php (MDKSA-2005:152)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34163.NASL
    descriptions700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
    last seen2020-06-01
    modified2020-06-02
    plugin id21108
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21108
    titleHP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-213.NASL
    descriptionA number of vulnerabilities were discovered in PHP : An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1. A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353). A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388). A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389). A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using
    last seen2020-06-01
    modified2020-06-02
    plugin id20445
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20445
    titleMandrake Linux Security Advisory : php (MDKSA-2005:213)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-800.NASL
    descriptionAn integer overflow with subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code. Since several packages link dynamically to this library you are advised to restart the corresponding services or programs respectively. The command
    last seen2020-06-01
    modified2020-06-02
    plugin id19570
    published2005-09-06
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19570
    titleDebian DSA-800-1 : pcre3 - integer overflow
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200509-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200509-19 (PHP: Vulnerabilities in included PCRE and XML-RPC libraries) PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Impact : An attacker could target a PHP-based web application that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code. If web applications make use of the XML-RPC library shipped with PHP, they are also vulnerable to remote execution of arbitrary PHP code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id19818
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19818
    titleGLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-821.NASL
    descriptionAn integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.
    last seen2020-06-01
    modified2020-06-02
    plugin id19790
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19790
    titleDebian DSA-821-1 : python2.3 - integer overflow
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200509-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200509-02 (Gnumeric: Heap overflow in the included PCRE library) Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Impact : An attacker could potentially exploit this vulnerability by tricking a user into opening a specially crafted spreadsheet, which could lead to the execution of arbitrary code with the privileges of the user running Gnumeric. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id19577
    published2005-09-06
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19577
    titleGLSA-200509-02 : Gnumeric: Heap overflow in the included PCRE library
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-819.NASL
    descriptionAn integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.
    last seen2020-06-01
    modified2020-06-02
    plugin id19788
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19788
    titleDebian DSA-819-1 : python2.1 - integer overflow
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-761.NASL
    descriptionUpdated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain
    last seen2020-06-01
    modified2020-06-02
    plugin id19675
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19675
    titleRHEL 2.1 / 3 / 4 : pcre (RHSA-2005:761)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-155.NASL
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. 10.1 and 10.2/LE2005 are already built against the system pcre.
    last seen2020-06-01
    modified2020-06-02
    plugin id19911
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19911
    titleMandrake Linux Security Advisory : apache2 (MDKSA-2005:155)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2005-009.NASL
    descriptionThe remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog
    last seen2020-06-01
    modified2020-06-02
    plugin id20249
    published2005-11-30
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20249
    titleMac OS X Multiple Vulnerabilities (Security Update 2005-009)
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_55.NASL
    descriptionThe remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities : - A security issue exists where
    last seen2020-06-01
    modified2020-06-02
    plugin id31656
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31656
    titleApache < 2.0.55 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-358.NASL
    descriptionUpdated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such as way that they could gain the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id19672
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19672
    titleRHEL 4 : exim (RHSA-2005:358)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200508-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200508-17 (libpcre: Heap integer overflow) libpcre fails to check certain quantifier values in regular expressions for sane values. Impact : An attacker could possibly exploit this vulnerability to execute arbitrary code by sending specially crafted regular expressions to applications making use of the libpcre library. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id19537
    published2005-08-30
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19537
    titleGLSA-200508-17 : libpcre: Heap integer overflow
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0197.NASL
    descriptionUpdated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was found in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id21890
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21890
    titleCentOS 3 / 4 : python (CESA-2006:0197)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_048.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:048 (pcre). A vulnerability was found in the PCRE regular expression handling library which allows an attacker to crash or overflow a buffer in the program by specifying a special regular expression. Since this library is used in a large number of packages, including apache2, php4, exim, postfix and similar, a remote attack could be possible. This is tracked by the Mitre CVE ID CVE-2005-2491.
    last seen2019-10-28
    modified2005-10-05
    plugin id19927
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19927
    titleSUSE-SA:2005:048: pcre
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-151.NASL
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The updated packages have been patched to correct this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id19907
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19907
    titleMandrake Linux Security Advisory : pcre (MDKSA-2005:151)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2005-242-01.NASL
    descriptionNew PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary code as the user running the application. The PCRE library is also provided in an initial installation by the aaa_elflibs package, so if your system has a /usr/lib/libpcre.so.0 symlink, then you should install this updated package even if the PCRE package itself is not installed on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id19858
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19858
    titleSlackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PCRE library (SSA:2005-242-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-173-4.NASL
    descriptionUSN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well. In gnumeric this bug could be exploited to execute arbitrary code with the privileges of the user if the user was tricked into opening a specially crafted spreadsheet document. In python, the impact depends on the particular application that uses python
    last seen2020-06-01
    modified2020-06-02
    plugin id20583
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20583
    titleUbuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-358.NASL
    descriptionUpdated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such as way that they could gain the privileges of the
    last seen2020-06-01
    modified2020-06-02
    plugin id21927
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21927
    titleCentOS 4 : exim (CESA-2005:358)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-761.NASL
    descriptionUpdated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain
    last seen2020-06-01
    modified2020-06-02
    plugin id21854
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21854
    titleCentOS 3 / 4 : pcre (CESA-2005:761)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2005-242-02.NASL
    descriptionNew PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id19859
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19859
    titleSlackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-242-02)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-817.NASL
    descriptionAn integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.
    last seen2020-06-01
    modified2020-06-02
    plugin id19786
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19786
    titleDebian DSA-817-1 : python2.2 - integer overflow
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200509-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200509-08 (Python: Heap overflow in the included PCRE library) The
    last seen2020-06-01
    modified2020-06-02
    plugin id19687
    published2005-09-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19687
    titleGLSA-200509-08 : Python: Heap overflow in the included PCRE library
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-153.NASL
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The gnumeric packages use a private copy of pcre code. The updated packages have been patched to correct this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id19909
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19909
    titleMandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)

Oval

  • accepted2013-04-29T04:14:32.292-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:11516
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    version28
  • accepted2007-10-02T08:08:09.337-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameTodd Dolinsky
      organizationOpsware, Inc.
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:1496
    statusaccepted
    submitted2006-03-18T07:24:00.000-04:00
    titleWebproxy Integer Overflow in pcre_compile
    version36
  • accepted2007-10-02T08:08:10.207-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameTodd Dolinsky
      organizationOpsware, Inc.
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:1659
    statusaccepted
    submitted2006-03-18T07:24:00.000-04:00
    titleVirusVault Integer Overflow in pcre_compile
    version36
  • accepted2006-01-25T07:30:00.000-04:00
    classvulnerability
    contributors
    nameRobert L. Hollis
    organizationThreatGuard, Inc.
    descriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:735
    statusaccepted
    submitted2005-11-30T12:00:00.000-04:00
    titleApache Integer Overflow in pcre_compile.c
    version35

Redhat

advisories
  • bugzilla
    id166335
    titleCVE-2005-2491 PCRE heap overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentpython is earlier than 0:2.3.4-14.2
            ovaloval:com.redhat.rhsa:tst:20060197001
          • commentpython is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197002
        • AND
          • commentpython-docs is earlier than 0:2.3.4-14.2
            ovaloval:com.redhat.rhsa:tst:20060197003
          • commentpython-docs is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197004
        • AND
          • commentpython-tools is earlier than 0:2.3.4-14.2
            ovaloval:com.redhat.rhsa:tst:20060197005
          • commentpython-tools is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197006
        • AND
          • commentpython-devel is earlier than 0:2.3.4-14.2
            ovaloval:com.redhat.rhsa:tst:20060197007
          • commentpython-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197008
        • AND
          • commenttkinter is earlier than 0:2.3.4-14.2
            ovaloval:com.redhat.rhsa:tst:20060197009
          • commenttkinter is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197010
    rhsa
    idRHSA-2006:0197
    released2006-03-09
    severityModerate
    titleRHSA-2006:0197: python security update (Moderate)
  • rhsa
    idRHSA-2005:358
  • rhsa
    idRHSA-2005:761
rpms
  • exim-0:4.43-1.RHEL4.5
  • exim-debuginfo-0:4.43-1.RHEL4.5
  • exim-doc-0:4.43-1.RHEL4.5
  • exim-mon-0:4.43-1.RHEL4.5
  • exim-sa-0:4.43-1.RHEL4.5
  • pcre-0:3.9-10.2
  • pcre-0:4.5-3.2.RHEL4
  • pcre-debuginfo-0:3.9-10.2
  • pcre-debuginfo-0:4.5-3.2.RHEL4
  • pcre-devel-0:3.9-10.2
  • pcre-devel-0:4.5-3.2.RHEL4
  • python-0:2.2.3-6.2
  • python-0:2.3.4-14.2
  • python-debuginfo-0:2.2.3-6.2
  • python-debuginfo-0:2.3.4-14.2
  • python-devel-0:2.2.3-6.2
  • python-devel-0:2.3.4-14.2
  • python-docs-0:2.3.4-14.2
  • python-tools-0:2.2.3-6.2
  • python-tools-0:2.3.4-14.2
  • tkinter-0:2.2.3-6.2
  • tkinter-0:2.3.4-14.2

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

References