Scientific Linux Security Update : boost on SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++
Standard Library.

Invalid pointer dereference flaws were found in the way the Boost
regular expression library processed certain, invalid expressions. An
attacker able to make an application using the Boost library process a
specially crafted regular expression could cause that application to
crash or, potentially, execute arbitrary code with the privileges of
the user running the application. (CVE-2008-0171)

NULL pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker
able to make an application using the Boost library process a
specially crafted regular expression could cause that application to
crash. (CVE-2008-0172)

This update also fixes the following bugs :

- Prior to this update, the construction of a regular
expression object could fail when several regular
expression objects were created simultaneously, such as
in a multi-threaded program. With this update, the
object variables have been moved from the shared memory
to the stack. Now, the constructing function is thread
safe.

- Prior to this update, header files in several Boost
libraries contained preprocessor directives that the GNU
Compiler Collection (GCC) 4.4 could not handle. This
update instead uses equivalent constructs that are
standard C.

All users of boost are advised to upgrade to these updated packages,
which fix these issues.

See also :

http://www.nessus.org/u?c18b9ced

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61256 ()

Bugtraq ID:

CVE ID: CVE-2008-0171
CVE-2008-0172