Mandriva Linux Security Advisory : boost (MDVSA-2013:065)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated boost packages fix security vulnerabilities:

A security flaw was found in the way the ordered_malloc() routine
implementation in Boost, the free peer-reviewed portable C++ source
libraries, sanitized the 'next_size' and 'max_size' parameters when
allocating memory. If an application using the Boost C++ source
libraries for memory allocation was missing application-level checks
for the safety of the 'next_size' and 'max_size' values, a remote
attacker could provide a specially crafted application-specific file
(requiring runtime memory allocation for it to be processed correctly)
that, when opened, would lead to a crash of that application or,
potentially, arbitrary code execution with the privileges of the user
running the application (CVE-2012-2677).

The Boost.Locale library in Boost 1.48 through 1.52 inclusive has a
security flaw (CVE-2013-0252): boost::locale::utf::utf_traits accepted
some invalid UTF-8 sequences. Applications that used these functions
for UTF-8 input validation could expose themselves to security threats
because an invalid UTF-8 sequence would be considered valid.

The package has been patched to fix the above security flaws.
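
Added example (not Boost's code and not the Mandriva patch): a strict
UTF-8 validator following RFC 3629, of the kind an application can run
on untrusted input rather than relying on an affected utf_traits for
validation. The advisory does not say which invalid sequences were
accepted; the classes rejected here are the standard ill-formed ones,
and is_valid_utf8 and the sample byte strings are constructed for this
example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Strict UTF-8 check per RFC 3629 (hypothetical helper, not a Boost API).
// Accepts only shortest-form encodings of Unicode scalar values
// (U+0000..U+D7FF and U+E000..U+10FFFF).
bool is_valid_utf8(const std::string& s) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(s.data());
    const std::size_t n = s.size();
    std::size_t i = 0;
    while (i < n) {
        const unsigned char lead = p[i];
        std::size_t len = 0;       // total bytes in this sequence
        std::uint32_t cp = 0;      // code point being decoded
        std::uint32_t min_cp = 0;  // smallest code point legal for this length
        if (lead < 0x80) { ++i; continue; }  // single-byte ASCII
        else if ((lead & 0xE0) == 0xC0) { len = 2; cp = lead & 0x1F; min_cp = 0x80; }
        else if ((lead & 0xF0) == 0xE0) { len = 3; cp = lead & 0x0F; min_cp = 0x800; }
        else if ((lead & 0xF8) == 0xF0) { len = 4; cp = lead & 0x07; min_cp = 0x10000; }
        else return false;                    // stray continuation or 0xF8..0xFF
        if (n - i < len) return false;        // truncated sequence
        for (std::size_t k = 1; k < len; ++k) {
            const unsigned char c = p[i + k];
            if ((c & 0xC0) != 0x80) return false;  // not a continuation byte
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < min_cp) return false;                   // overlong encoding
        if (cp >= 0xD800 && cp <= 0xDFFF) return false;  // UTF-16 surrogate
        if (cp > 0x10FFFF) return false;                 // outside Unicode range
        i += len;
    }
    return true;
}

int main() {
    // Constructed samples: two well-formed strings, then ill-formed ones.
    const std::string samples[] = {
        "ascii", "\xE2\x82\xAC", "\xC0\x80", "\xED\xA0\x80",
        "\xF4\x90\x80\x80", "\xE2\x82", "\x80"};
    for (const std::string& s : samples)
        std::cout << (is_valid_utf8(s) ? "valid" : "REJECT") << '\n';
    return 0;
}
```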

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66079

Bugtraq ID: 54233, 57675

CVE ID: CVE-2012-2677, CVE-2013-0252
