Upstream information

CVE-2008-0171 at MITRE

Description

regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 353180 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • boost-license >= 1.36.0-11.17
  • libboost_program_options1_36_0 >= 1.36.0-11.17
  • libboost_regex1_36_0 >= 1.36.0-11.17
  • libboost_signals1_36_0 >= 1.36.0-11.17
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA boost-license
SUSE Linux Enterprise Server 11 SP2
  • boost-license >= 1.36.0-11.17
  • libboost_program_options1_36_0 >= 1.36.0-11.17
  • libboost_regex1_36_0 >= 1.36.0-11.17
  • libboost_signals1_36_0 >= 1.36.0-11.17
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA boost-license
SUSE Linux Enterprise Server 11 SP3
  • boost-license >= 1.36.0-12.3.1
  • libboost_program_options1_36_0 >= 1.36.0-12.3.1
  • libboost_regex1_36_0 >= 1.36.0-12.3.1
  • libboost_signals1_36_0 >= 1.36.0-12.3.1
  • libboost_thread1_36_0 >= 1.36.0-12.3.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA boost-license
SUSE Linux Enterprise Server 11 SP4
  • boost-license >= 1.36.0-12.6.49
  • boost-license1_49_0 >= 1.49.0-0.13.3
  • libboost_program_options1_36_0 >= 1.36.0-12.6.49
  • libboost_regex1_36_0 >= 1.36.0-12.6.49
  • libboost_signals1_36_0 >= 1.36.0-12.6.49
  • libboost_system1_49_0 >= 1.49.0-0.13.3
  • libboost_thread1_36_0 >= 1.36.0-12.6.49
  • libboost_thread1_49_0 >= 1.49.0-0.13.3
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA boost-license
SUSE Linux Enterprise Software Development Kit 11 SP4
  • boost-devel >= 1.36.0-12.6.49
  • boost-devel-32bit >= 1.36.0-12.6.49
  • boost-doc >= 1.36.0-12.6.49
  • libboost_date_time1_36_0 >= 1.36.0-12.6.49
  • libboost_date_time1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_filesystem1_36_0 >= 1.36.0-12.6.49
  • libboost_filesystem1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_graph1_36_0 >= 1.36.0-12.6.49
  • libboost_graph1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_iostreams1_36_0 >= 1.36.0-12.6.49
  • libboost_iostreams1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_math1_36_0 >= 1.36.0-12.6.49
  • libboost_math1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_mpi1_36_0 >= 1.36.0-12.6.49
  • libboost_program_options1_36_0 >= 1.36.0-12.6.49
  • libboost_program_options1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_python1_36_0 >= 1.36.0-12.6.49
  • libboost_python1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_regex1_36_0 >= 1.36.0-12.6.49
  • libboost_regex1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_serialization1_36_0 >= 1.36.0-12.6.49
  • libboost_serialization1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_signals1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_system1_36_0 >= 1.36.0-12.6.49
  • libboost_system1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_test1_36_0 >= 1.36.0-12.6.49
  • libboost_test1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_thread1_36_0 >= 1.36.0-12.6.49
  • libboost_thread1_36_0-32bit >= 1.36.0-12.6.49
  • libboost_wave1_36_0 >= 1.36.0-12.6.49
  • libboost_wave1_36_0-32bit >= 1.36.0-12.6.49
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA boost-devel
SUSE LINUX 10.1
  • boost >= 1.33.1-17.7
  • boost-64bit >= 1.33.1-17.7
  • boost-devel >= 1.33.1-17.7
  • boost-devel-64bit >= 1.33.1-17.7
  • boost-doc >= 1.33.1-17.7