From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2012-0151: boost-1.44.0-6.1.mga1 (1/core), boost-1.48.0-9.1.mga2 (2/core)
Date: Tue, 10 Jul 2012 01:32:51 +0200
Message-ID: <20120709233251.GA12989@valstar.mageia.org>

MGASA-2012-0151
Date: July 10th, 2012
Affected releases: 1, 2
Description:
Updated boost packages fix a security vulnerability:
A security flaw was found in the way the ordered_malloc() routine
implementation in Boost, the free peer-reviewed portable C++ source
libraries, performed sanitization of the 'next_size' and 'max_size'
parameters when allocating memory. If an application using the Boost C++
source libraries for memory allocation was missing application-level checks
for the safety of the 'next_size' and 'max_size' values, a remote attacker
could provide a specially crafted application-specific file (requiring
runtime memory allocation for it to be processed correctly) that, when
opened, would lead to a crash of that application or, potentially, arbitrary
code execution with the privileges of the user running the application
(CVE-2012-2677).
Updated Packages:
Mageia 1:
lib(64)boost_date_time1.44.0-1.44.0-6.1.mga1
lib(64)boost_filesystem1.44.0-1.44.0-6.1.mga1
lib(64)boost_graph1.44.0-1.44.0-6.1.mga1
lib(64)boost_iostreams1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99_1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99f1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_c99l1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1_1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1f1.44.0-1.44.0-6.1.mga1
lib(64)boost_math_tr1l1.44.0-1.44.0-6.1.mga1
lib(64)boost_prg_exec_monitor1.44.0-1.44.0-6.1.mga1
lib(64)boost_program_options1.44.0-1.44.0-6.1.mga1
lib(64)boost_python1.44.0-1.44.0-6.1.mga1
lib(64)boost_regex1.44.0-1.44.0-6.1.mga1
lib(64)boost_serialization1.44.0-1.44.0-6.1.mga1
lib(64)boost_signals1.44.0-1.44.0-6.1.mga1
lib(64)boost_system1.44.0-1.44.0-6.1.mga1
lib(64)boost_thread1.44.0-1.44.0-6.1.mga1
lib(64)boost_unit_test_framework1.44.0-1.44.0-6.1.mga1
lib(64)boost_wave1.44.0-1.44.0-6.1.mga1
lib(64)boost_wserialization1.44.0-1.44.0-6.1.mga1
lib(64)boost_random1.44.0-1.44.0-6.1.mga1
lib(64)boost-devel-1.44.0-6.1.mga1
lib(64)boost-devel-doc-1.44.0-6.1.mga1
lib(64)boost-static-devel-1.44.0-6.1.mga1
boost-examples-1.44.0-6.1.mga1
Mageia 2:
lib(64)boost_chrono1.48.0-1.48.0-9.1.mga2
lib(64)boost_date_time1.48.0-1.48.0-9.1.mga2
lib(64)boost_filesystem1.48.0-1.48.0-9.1.mga2
lib(64)boost_graph1.48.0-1.48.0-9.1.mga2
lib(64)boost_iostreams1.48.0-1.48.0-9.1.mga2
lib(64)boost_locale1.48.0-1.48.0-9.1.mga2
lib(64)boost_math1.48.0-1.48.0-9.1.mga2
lib(64)boost_prg_exec_monitor1.48.0-1.48.0-9.1.mga2
lib(64)boost_program_options1.48.0-1.48.0-9.1.mga2
lib(64)boost_python1.48.0-1.48.0-9.1.mga2
lib(64)boost_random1.48.0-1.48.0-9.1.mga2
lib(64)boost_regex1.48.0-1.48.0-9.1.mga2
lib(64)boost_serialization1.48.0-1.48.0-9.1.mga2
lib(64)boost_signals1.48.0-1.48.0-9.1.mga2
lib(64)boost_system1.48.0-1.48.0-9.1.mga2
lib(64)boost_thread1.48.0-1.48.0-9.1.mga2
lib(64)boost_timer1.48.0-1.48.0-9.1.mga2
lib(64)boost_unit_test_framework1.48.0-1.48.0-9.1.mga2
lib(64)boost_wave1.48.0-1.48.0-9.1.mga2
lib(64)boost_wserialization1.48.0-1.48.0-9.1.mga2
lib(64)boost-devel-1.48.0-9.1.mga2
lib(64)boost-devel-doc-1.48.0-9.1.mga2
lib(64)boost-static-devel-1.48.0-9.1.mga2
boost-examples-1.48.0-9.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2677
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6623
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...