Referenced CVEs:
CVE-2008-0171, CVE-2008-0172
Description:
=========================================================== Ubuntu Security Notice USN-570-1 January 16, 2008boost vulnerabilitiesCVE-2008-0171, CVE-2008-0172===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libboost-regex1.33.1 1.33.1-2ubuntu0.1Ubuntu 6.10: libboost-regex1.33.1 1.33.1-7ubuntu1.1Ubuntu 7.04: libboost-regex1.33.1 1.33.1-9ubuntu3.1Ubuntu 7.10: libboost-regex1.34.1 1.34.1-2ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions.An attacker could send a specially crafted regular expression toan application linked against boost and cause a denial of servicevia application crash.
More...
