Package name
gnumeric
Date
2005-08-26
Advisory ID
MDKSA-2005:153
Affected versions
10.2 x86_64 , 10.2 i586 , 10.1 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The gnumeric packages use a private copy of pcre code. The updated packages have been patched to correct this problem.

Updated packages

10.2 x86_64

 ebf2b9f3573524f8a956f6697f08efc9  x86_64/10.2/RPMS/gnumeric-1.4.2-1.1.102mdk.x86_64.rpm
de0c185642dea43227c2bd8d04b05c19  x86_64/10.2/SRPMS/gnumeric-1.4.2-1.1.102mdk.src.rpm

10.2 i586

 9ce2fee0efdaac36d6f84374da737f61  10.2/RPMS/gnumeric-1.4.2-1.1.102mdk.i586.rpm
de0c185642dea43227c2bd8d04b05c19  10.2/SRPMS/gnumeric-1.4.2-1.1.102mdk.src.rpm

10.1 i586

 0886c3abe93a6f99e9c388a2057678e2  10.1/RPMS/gnumeric-1.2.13-3.1.101mdk.i586.rpm
1f4b803c3a19763710cfb56b141fe4d2  10.1/SRPMS/gnumeric-1.2.13-3.1.101mdk.src.rpm

CS3.0 x86_64

 58aedcd44337210db29fa0ee7123f7e0  x86_64/corporate/3.0/RPMS/gnumeric-1.2.6-1.1.C30mdk.x86_64.rpm
b296c5410c6bc28c2e5774d5024d3e43  x86_64/corporate/3.0/SRPMS/gnumeric-1.2.6-1.1.C30mdk.src.rpm

CS3.0 i586

 3510cf943ed010540a3659d23627f912  corporate/3.0/RPMS/gnumeric-1.2.6-1.1.C30mdk.i586.rpm
b296c5410c6bc28c2e5774d5024d3e43  corporate/3.0/SRPMS/gnumeric-1.2.6-1.1.C30mdk.src.rpm

10.1 x86_64

 e6371dd0e84c22a47d2be3146f6efe1e  x86_64/10.1/RPMS/gnumeric-1.2.13-3.1.101mdk.x86_64.rpm
1f4b803c3a19763710cfb56b141fe4d2  x86_64/10.1/SRPMS/gnumeric-1.2.13-3.1.101mdk.src.rpm

References