USN-173-2: PCRE vulnerability

25 August 2005

pcre3, apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was determined that this did not suffice to prevent all possible overflows, so another update is necessary.

In addition, it was found that the Ubuntu 4.10 version of Apache 2 contains a static copy of the library code, so this package needs to be updated as well. In Ubuntu 5.04, Apache 2 uses the external library from the libpcre3 package.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
apache2
apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker
libpcre3
Ubuntu 4.10
apache2
apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker
libpcre3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References