
Security Advisory Low: boost security and bug fix update

Advisory: RHSA-2012:0305-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2008-0171, CVE-2008-0172

Details

Updated boost packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.

Invalid pointer dereference flaws were found in the way the Boost regular
expression library processed certain invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2008-0171)

NULL pointer dereference flaws were found in the way the Boost regular
expression library processed certain invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash. (CVE-2008-0172)

Red Hat would like to thank Will Drewry for reporting these issues.

This update also fixes the following bugs:

* Prior to this update, the construction of a regular expression object
could fail when several regular expression objects were created
simultaneously, such as in a multi-threaded program. With this update, the
object variables have been moved from the shared memory to the stack. Now,
the constructing function is thread safe. (BZ#472384)

* Prior to this update, header files in several Boost libraries contained
preprocessor directives that the GNU Compiler Collection (GCC) 4.4 could
not handle. This update instead uses equivalent constructs that are
standard C. (BZ#567722)

All users of boost are advised to upgrade to these updated packages, which
fix these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
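
One way to check a package inventory against the fixed build named in this advisory, as an added example that is not Red Hat's tooling: it orders version strings segment by segment the way rpm does and reports boost packages older than 1.33.1-15.el5. It assumes no epoch and no tilde or caret in the versions, and the inventory lines are constructed sample output in the format of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`.

```python
import re

FIXED_EVR = "1.33.1-15.el5"  # fixed build named in this advisory
BOOST_PKGS = {"boost", "boost-devel", "boost-doc", "boost-debuginfo"}

def rpmvercmp(a, b):
    """Order two version or release strings segment by segment, as rpm does.
    Assumption: no tilde or caret markers (not used by these builds)."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)  # separators only split segments
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 15 > 9 and 010 == 10
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # leftover segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings (epoch assumed absent)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory):
    """Return (name, version-release, arch) for boost packages older than the fix."""
    hits = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] in BOOST_PKGS:
            name, evr, arch = fields
            if evr_cmp(evr, FIXED_EVR) < 0:
                hits.append((name, evr, arch))
    return hits

# Constructed sample inventory (not from the advisory), in the format above.
SAMPLE = """\
boost 1.33.1-10.el5 x86_64
boost 1.33.1-15.el5 i386
boost-devel 1.33.1-10.el5 x86_64
boost-doc 1.33.1-16.el5_9 x86_64
bash 3.2-32.el5 x86_64
"""

if __name__ == "__main__":
    for name, evr, arch in unpatched(SAMPLE):
        print(f"UNPATCHED {name}-{evr}.{arch} is older than {FIXED_EVR}")
```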

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
boost-1.33.1-15.el5.src.rpm
File outdated by:  RHSA-2013:0668

IA-32:
boost-debuginfo-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668

x86_64:
boost-debuginfo-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
boost-1.33.1-15.el5.src.rpm
File outdated by:  RHSA-2013:0668

IA-32:
boost-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668

IA-64:
boost-1.33.1-15.el5.ia64.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.ia64.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.ia64.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.ia64.rpm
File outdated by:  RHSA-2013:0668

PPC:
boost-1.33.1-15.el5.ppc.rpm
File outdated by:  RHSA-2013:0668
boost-1.33.1-15.el5.ppc64.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.ppc.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.ppc64.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.ppc.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.ppc64.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.ppc.rpm
File outdated by:  RHSA-2013:0668

s390x:
boost-1.33.1-15.el5.s390.rpm
File outdated by:  RHSA-2013:0668
boost-1.33.1-15.el5.s390x.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.s390.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.s390x.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.s390.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.s390x.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.s390x.rpm
File outdated by:  RHSA-2013:0668

x86_64:
boost-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-devel-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
boost-1.33.1-15.el5.src.rpm
File outdated by:  RHSA-2013:0668

IA-32:
boost-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668

x86_64:
boost-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.i386.rpm
File outdated by:  RHSA-2013:0668
boost-debuginfo-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
boost-doc-1.33.1-15.el5.x86_64.rpm
File outdated by:  RHSA-2013:0668
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

428316 - CVE-2008-0171 boost regular expression memory corruption flaws
428320 - CVE-2008-0172 boost regular expression NULL dereference flaw
472384 - Thread-safety bug in Boost.Regex-1.33.x
567722 - g++4.4 incompatible with numeric/ublas/matrix_sparse.hpp


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/