exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-032

Mandriva Linux Security Advisory 2008-032
Posted Feb 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 163e8e008d1c94c33974ee04a432d6ad84565fb27b5cd2d5d7b15efd6c25a285

Mandriva Linux Security Advisory 2008-032

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:032
http://www.mandriva.com/security/
_______________________________________________________________________

Package : boost
Date : February 1, 2008
Affected: 2007.0, 2007.1, 2008.0
_______________________________________________________________________

Problem Description:

Tavis Ormandy and Will Drewry found that the bost library did not
properly perform input validation on regular expressions. An attacker
could exploit this by sening a specially crafted regular expression
to an application linked against boost and cause a denial of service
via an application crash.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0172
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
050747f9a2c9557d33977d9bd51184b2 2007.0/i586/libboost1-1.33.1-3.1mdv2007.0.i586.rpm
447ac5fc34d29669c8a21b7abd677413 2007.0/i586/libboost1-devel-1.33.1-3.1mdv2007.0.i586.rpm
4b4b7ff3d032516cd2f22af208ef7d3b 2007.0/i586/libboost1-examples-1.33.1-3.1mdv2007.0.i586.rpm
b084ed15b24c16e41ea2660732d1fa53 2007.0/i586/libboost1-static-devel-1.33.1-3.1mdv2007.0.i586.rpm
4b9252988703c7360d91138aa1b738b7 2007.0/SRPMS/boost-1.33.1-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9b983d8a118824218998792630a93368 2007.0/x86_64/lib64boost1-1.33.1-3.1mdv2007.0.x86_64.rpm
f975c8790f99728dd3635b0a79a2b639 2007.0/x86_64/lib64boost1-devel-1.33.1-3.1mdv2007.0.x86_64.rpm
8349cb46e64007d854902abe784278d8 2007.0/x86_64/lib64boost1-examples-1.33.1-3.1mdv2007.0.x86_64.rpm
8781b8e9cac3079e22be542dc89679e0 2007.0/x86_64/lib64boost1-static-devel-1.33.1-3.1mdv2007.0.x86_64.rpm
4b9252988703c7360d91138aa1b738b7 2007.0/SRPMS/boost-1.33.1-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
4e2b108f19e9e77cacd23f950a287c1a 2007.1/i586/libboost1-1.33.1-5.1mdv2007.1.i586.rpm
953ecb0bb51516d5a860947c6ec3cca3 2007.1/i586/libboost1-devel-1.33.1-5.1mdv2007.1.i586.rpm
cec00f6e2461c188e12248ec1085b64a 2007.1/i586/libboost1-examples-1.33.1-5.1mdv2007.1.i586.rpm
7f3150b483155ba9ddc5ce9b9c6a24b1 2007.1/i586/libboost1-static-devel-1.33.1-5.1mdv2007.1.i586.rpm
0133bec4e45c53c26b59fe599b0c2ef3 2007.1/SRPMS/boost-1.33.1-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
55150e1ce05e3d3385815648cd4924ba 2007.1/x86_64/lib64boost1-1.33.1-5.1mdv2007.1.x86_64.rpm
93d7474def1e122c4ddf5fab1e81dfd6 2007.1/x86_64/lib64boost1-devel-1.33.1-5.1mdv2007.1.x86_64.rpm
59dd3438007e7d383d3cbaa1b2eacb38 2007.1/x86_64/lib64boost1-examples-1.33.1-5.1mdv2007.1.x86_64.rpm
a213a0ee7cdc1b75fbbde6835a7295db 2007.1/x86_64/lib64boost1-static-devel-1.33.1-5.1mdv2007.1.x86_64.rpm
0133bec4e45c53c26b59fe599b0c2ef3 2007.1/SRPMS/boost-1.33.1-5.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
e184b23843e35d7365033cc6cb45f2dd 2008.0/i586/libboost1-1.33.1-6.1mdv2008.0.i586.rpm
6fa2ca96cb71d8bd3e54aa2f05118017 2008.0/i586/libboost1-devel-1.33.1-6.1mdv2008.0.i586.rpm
aa82d51548030d03ad1e86a174013333 2008.0/i586/libboost1-examples-1.33.1-6.1mdv2008.0.i586.rpm
42d0e230fca8ac7b094f9d159e9d8758 2008.0/i586/libboost1-static-devel-1.33.1-6.1mdv2008.0.i586.rpm
e4b3da7cdfb5210d65c5b60556e9744e 2008.0/SRPMS/boost-1.33.1-6.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
af70bbe3671b92f97d09e845682609ca 2008.0/x86_64/lib64boost1-1.33.1-6.1mdv2008.0.x86_64.rpm
3597c04eea3dea15c278cdb3f0bbcc8e 2008.0/x86_64/lib64boost1-devel-1.33.1-6.1mdv2008.0.x86_64.rpm
65468c84027dbe61a43146a82a5a76e8 2008.0/x86_64/lib64boost1-examples-1.33.1-6.1mdv2008.0.x86_64.rpm
3a6b5ed6fffb8d18358729afb1f9ebc1 2008.0/x86_64/lib64boost1-static-devel-1.33.1-6.1mdv2008.0.x86_64.rpm
e4b3da7cdfb5210d65c5b60556e9744e 2008.0/SRPMS/boost-1.33.1-6.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHo3O/mqjQ0CJFipgRAozdAJ0Qe58yTq1/ixDFIv1agB1CsHNDTQCgzkD0
ElZ73niXQ2YtpGfyYZP4y2g=
=5OJm
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close