Lucene search

K
vmwareVMwareVMSA-2008-0007
HistoryApr 15, 2008 - 12:00 a.m.

Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

2008-04-1500:00:00
www.vmware.com
19

0.794 High

EPSS

Percentile

98.3%

a. Updated pcre Service Console package addresses several security issues
The pcre package contains the Perl-Compatible Regular Expression library.
pcre is used by various Service Console utilities.

Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application.

VMware would like to thank Ludwig Nussel for reporting these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

RPM Updated:
pcre-3.9-10.4.i386.rpm

VMware ESX 3.5 patch ESX350-200803214-UG(pcre, net-snmp)

VMware ESX 3.0.2 patch ESX-1004217(pcre)
VMware ESX 3.0.1 patch ESX-1004187(pcre)