From Mageia wiki

MGASA-2013-0061

Date: February 21st, 2013
Affected releases: 2
Media: Core


Description:
The Boost.Locale library in Boost 1.48 through 1.52 inclusive has a
security flaw (CVE-2013-0252): boost::locale::utf::utf_traits accepted
some invalid UTF-8 sequences. Applications that used these functions for
UTF-8 input validation could expose themselves to security threats, as
invalid UTF-8 sequences would be considered valid.

The package has been patched to fix the above security flaw.


Updated Packages:
i586:
boost-devel-doc-1.48.0-9.2.mga2.noarch.rpm
boost-examples-1.48.0-9.2.mga2.noarch.rpm
libboost_chrono1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_date_time1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost-devel-1.48.0-9.2.mga2.i586.rpm
libboost_filesystem1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_graph1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_iostreams1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_locale1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_math1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_prg_exec_monitor1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_program_options1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_python1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_random1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_regex1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_serialization1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_signals1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost-static-devel-1.48.0-9.2.mga2.i586.rpm
libboost_system1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_thread1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_timer1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_unit_test_framework1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_wave1.48.0-1.48.0-9.2.mga2.i586.rpm
libboost_wserialization1.48.0-1.48.0-9.2.mga2.i586.rpm
boost-debug-1.48.0-9.2.mga2.i586.rpm

x86_64:
boost-devel-doc-1.48.0-9.2.mga2.noarch.rpm
boost-examples-1.48.0-9.2.mga2.noarch.rpm
lib64boost_chrono1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_date_time1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost-devel-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_filesystem1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_graph1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_iostreams1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_locale1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_math1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_prg_exec_monitor1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_program_options1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_python1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_random1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_regex1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_serialization1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_signals1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost-static-devel-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_system1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_thread1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_timer1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_unit_test_framework1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_wave1.48.0-1.48.0-9.2.mga2.x86_64.rpm
lib64boost_wserialization1.48.0-1.48.0-9.2.mga2.x86_64.rpm
boost-debug-1.48.0-9.2.mga2.x86_64.rpm

SRPMS:
boost-1.48.0-9.2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0252
http://www.boost.org/users/news/boost_locale_security_notice.html
http://www.ubuntu.com/usn/usn-1727-1/
https://bugs.mageia.org/show_bug.cgi?id=9127