Mandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)
High Nessus Plugin ID 19909
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
The gnumeric packages use a private copy of pcre code.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected gnumeric package.