MGASA-2012-0151
Date: | July 10th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated boost packages fix security vulnerability:
A security flaw was found in the way ordered_malloc() routine
implementation in Boost, the free peer-reviewed portable C++ source
libraries, performed 'next-size' and 'max_size' parameters sanitization,
when allocating memory. If an application, using the Boost C++ source
libraries for memory allocation, was missing application-level checks
for safety of 'next_size' and 'max_size' values, a remote attacker could
provide a specially-crafted application-specific file (requiring runtime
memory allocation it to be processed correctly) that, when opened would
lead to that application crash, or, potentially arbitrary code execution
with the privileges of the user running the application (CVE-2012-2677).
Updated Packages:
Mageia 1:
lib(64)boost_date_time1.44.0-1.44.0-6.1.mga1
lib(64)boost_filesystem1.44.0-1.44.0-6.1.mga1
lib(64)boost_graph1.44.0-1.44.0-6.1.mga1
lib(64)boost_iostreams1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99_1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99f1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99l1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1_1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1f1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1l1.44.0-1.44.0-6.1.mga1
lib(64)boost_prg_exec_monitor1.44.0-1.44.0-6.1.mga1
lib(64)boost_program_options1.44.0-1.44.0-6.1.mga1
lib(64)boost_python1.44.0-1.44.0-6.1.mga1
lib(64)boost_regex1.44.0-1.44.0-6.1.mga1
lib(64)boost_serialization1.44.0-1.44.0-6.1.mga1
lib(64)boost_signals1.44.0-1.44.0-6.1.mga1
lib(64)boost_system1.44.0-1.44.0-6.1.mga1
lib(64)boost_thread1.44.0-1.44.0-6.1.mga1
lib(64)boost_unit_test_framework1.44.0-1.44.0-6.1.mga1
lib(64)boost_wave1.44.0-1.44.0-6.1.mga1
lib(64)boost_wserialization1.44.0-1.44.0-6.1.mga1
lib(64)boost_random1.44.0-1.44.0-6.1.mga1
lib(64)boost-devel-1.44.0-6.1.mga1
lib(64)boost-devel-doc-1.44.0-6.1.mga1
lib(64)boost-static-devel-1.44.0-6.1.mga1
boost-examples-1.44.0-6.1.mga1
Mageia 2:
lib(64)boost_chrono1.48.0-1.48.0-9.1.mga2
lib(64)boost_date_time1.48.0-1.48.0-9.1.mga2
lib(64)boost_filesystem1.48.0-1.48.0-9.1.mga2
lib(64)boost_graph1.48.0-1.48.0-9.1.mga2
lib(64)boost_iostreams1.48.0-1.48.0-9.1.mga2
lib(64)boost_locale1.48.0-1.48.0-9.1.mga2
lib(64)boost_math1.48.0-1.48.0-9.1.mga2
lib(64)boost_prg_exec_monitor1.48.0-1.48.0-9.1.mga2
lib(64)boost_program_options1.48.0-1.48.0-9.1.mga2
lib(64)boost_python1.48.0-1.48.0-9.1.mga2
lib(64)boost_random1.48.0-1.48.0-9.1.mga2
lib(64)boost_regex1.48.0-1.48.0-9.1.mga2
lib(64)boost_serialization1.48.0-1.48.0-9.1.mga2
lib(64)boost_signals1.48.0-1.48.0-9.1.mga2
lib(64)boost_system1.48.0-1.48.0-9.1.mga2
lib(64)boost_thread1.48.0-1.48.0-9.1.mga2
lib(64)boost_timer1.48.0-1.48.0-9.1.mga2
lib(64)boost_unit_test_framework1.48.0-1.48.0-9.1.mga2
lib(64)boost_wave1.48.0-1.48.0-9.1.mga2
lib(64)boost_wserialization1.48.0-1.48.0-9.1.mga2
lib(64)boost-devel-1.48.0-9.1.mga2
lib(64)boost-devel-doc-1.48.0-9.1.mga2
lib(64)boost-static-devel-1.48.0-9.1.mga2
boost-examples-1.48.0-9.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2677
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html
https://bugs.mageia.org/show_bug.cgi?id=6623