Will Drewry reported several flaws in boost's regular expression library. These
malformed regular expressions could possibly lead to arbitrary code execution.
Public in upstream SVN, lifting embargo:
boost-1.34.1-7.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update boost'
boost-1.34.1-7.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue did not affect the versions of boost as shipped with Red Hat Enterprise Linux 4 and 6. This issue was addressed in boost packages in Red Hat Enterprise Linux 5 via RHSA-2012:0305.
Red Hat would like to thank Will Drewry for reporting these issues.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0305 https://rhn.redhat.com/errata/RHSA-2012-0305.html