From Mageia wiki
Revision as of 23:29, 9 July 2012 by Tmb (talk | contribs)

MGASA-2012-0151

Date: July 10th, 2012
Affected releases: 1, 2


Description:
Updated boost packages fix a security vulnerability:

A security flaw was found in the way the ordered_malloc() routine
implementation in Boost, the free peer-reviewed portable C++ source
libraries, sanitized the 'next_size' and 'max_size' parameters
when allocating memory. If an application using the Boost C++ source
libraries for memory allocation was missing application-level checks
for the safety of the 'next_size' and 'max_size' values, a remote
attacker could provide a specially-crafted application-specific file
(requiring runtime memory allocation for it to be processed correctly)
that, when opened, would cause the application to crash or, potentially,
lead to arbitrary code execution with the privileges of the user
running the application (CVE-2012-2677).
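
One way to write the kind of application-level check the description refers to, as an added example (not Boost's code and not the Mageia patch): sizing values parsed from an untrusted file are validated before they are used as pool parameters, so that no derived byte count can wrap. The function names, the rule that an unbounded 'max_size' of 0 is rejected, and the 64 MiB ceiling are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Policy ceiling for a single pool block (constructed value; tune per application).
const std::size_t kMaxBlockBytes = 64u * 1024u * 1024u;

// Store a * b in out; return false if the product would wrap around size_t.
bool checked_mul(std::size_t a, std::size_t b, std::size_t &out) {
    if (a != 0 && b > std::numeric_limits<std::size_t>::max() / a) return false;
    out = a * b;
    return true;
}

// Validate untrusted chunk_size / next_size / max_size before handing them to
// a pool allocator. On success, block_bytes is the size of the first block.
bool validate_pool_params(std::size_t chunk_size, std::size_t next_size,
                          std::size_t max_size, std::size_t &block_bytes) {
    // Zero sizes are meaningless; max_size == 0 (no growth cap) is refused
    // here because the values come from untrusted input (assumed policy).
    if (chunk_size == 0 || next_size == 0 || max_size == 0) return false;
    if (next_size > max_size) return false;

    // Check the largest block the pool may ever request, not just the first.
    std::size_t largest = 0;
    if (!checked_mul(chunk_size, max_size, largest)) return false;
    if (largest > kMaxBlockBytes) return false;

    // next_size <= max_size, so this product cannot wrap either.
    block_bytes = chunk_size * next_size;
    return true;
}

int main() {
    const std::size_t huge = std::numeric_limits<std::size_t>::max() / 8;
    std::size_t bytes = 0;
    // Constructed inputs: one sane header, one with wrapping sizes.
    std::printf("sane header accepted: %d\n",
                validate_pool_params(16, 32, 1024, bytes));
    std::printf("wrapping header accepted: %d\n",
                validate_pool_params(16, huge, huge, bytes));
    return 0;
}
```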


Updated Packages:
Mageia 1:
lib(64)boost_date_time1.44.0-1.44.0-6.1.mga1
lib(64)boost_filesystem1.44.0-1.44.0-6.1.mga1
lib(64)boost_graph1.44.0-1.44.0-6.1.mga1
lib(64)boost_iostreams1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99_1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99f1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99l1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1_1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1f1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1l1.44.0-1.44.0-6.1.mga1
lib(64)boost_prg_exec_monitor1.44.0-1.44.0-6.1.mga1
lib(64)boost_program_options1.44.0-1.44.0-6.1.mga1
lib(64)boost_python1.44.0-1.44.0-6.1.mga1
lib(64)boost_regex1.44.0-1.44.0-6.1.mga1
lib(64)boost_serialization1.44.0-1.44.0-6.1.mga1
lib(64)boost_signals1.44.0-1.44.0-6.1.mga1
lib(64)boost_system1.44.0-1.44.0-6.1.mga1
lib(64)boost_thread1.44.0-1.44.0-6.1.mga1
lib(64)boost_unit_test_framework1.44.0-1.44.0-6.1.mga1
lib(64)boost_wave1.44.0-1.44.0-6.1.mga1
lib(64)boost_wserialization1.44.0-1.44.0-6.1.mga1
lib(64)boost_random1.44.0-1.44.0-6.1.mga1
lib(64)boost-devel-1.44.0-6.1.mga1
lib(64)boost-devel-doc-1.44.0-6.1.mga1
lib(64)boost-static-devel-1.44.0-6.1.mga1
boost-examples-1.44.0-6.1.mga1

Mageia 2:
lib(64)boost_chrono1.48.0-1.48.0-9.1.mga2
lib(64)boost_date_time1.48.0-1.48.0-9.1.mga2
lib(64)boost_filesystem1.48.0-1.48.0-9.1.mga2
lib(64)boost_graph1.48.0-1.48.0-9.1.mga2
lib(64)boost_iostreams1.48.0-1.48.0-9.1.mga2
lib(64)boost_locale1.48.0-1.48.0-9.1.mga2
lib(64)boost_math1.48.0-1.48.0-9.1.mga2
lib(64)boost_prg_exec_monitor1.48.0-1.48.0-9.1.mga2
lib(64)boost_program_options1.48.0-1.48.0-9.1.mga2
lib(64)boost_python1.48.0-1.48.0-9.1.mga2
lib(64)boost_random1.48.0-1.48.0-9.1.mga2
lib(64)boost_regex1.48.0-1.48.0-9.1.mga2
lib(64)boost_serialization1.48.0-1.48.0-9.1.mga2
lib(64)boost_signals1.48.0-1.48.0-9.1.mga2
lib(64)boost_system1.48.0-1.48.0-9.1.mga2
lib(64)boost_thread1.48.0-1.48.0-9.1.mga2
lib(64)boost_timer1.48.0-1.48.0-9.1.mga2
lib(64)boost_unit_test_framework1.48.0-1.48.0-9.1.mga2
lib(64)boost_wave1.48.0-1.48.0-9.1.mga2
lib(64)boost_wserialization1.48.0-1.48.0-9.1.mga2
lib(64)boost-devel-1.48.0-9.1.mga2
lib(64)boost-devel-doc-1.48.0-9.1.mga2
lib(64)boost-static-devel-1.48.0-9.1.mga2
boost-examples-1.48.0-9.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2677
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html
https://bugs.mageia.org/show_bug.cgi?id=6623