This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated boost packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++
A flaw was found in the way the ordered_malloc() routine in Boost
sanitized the 'next_size' and 'max_size' parameters when allocating
memory. If an application used the Boost C++ libraries for memory
allocation, and performed memory allocation based on user-supplied
input, an attacker could use this flaw to crash the application or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2012-2677)
All users of boost are advised to upgrade to these updated packages,
which contain a backported patch to fix this issue.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 65651 ()
CVE ID: CVE-2012-2677