Moderate: boost (SL5, SL6)

By Scientific Linux Team on March 21, 2013

Synopsis: Moderate: boost security update
Issue Date: 2013-03-21
CVE Numbers: CVE-2012-2677

A flaw was found in the way the ordered_malloc() routine in Boost
sanitized the ‘next_size’ and ‘max_size’ parameters when allocating
memory. If an application used the Boost C++ libraries for memory
allocation, and performed memory allocation based on user-supplied input,
an attacker could use this flaw to crash the application or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2012-2677)

SL5
x86_64
boost-1.33.1-16.el5_9.i386.rpm
boost-1.33.1-16.el5_9.x86_64.rpm
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.x86_64.rpm
boost-doc-1.33.1-16.el5_9.x86_64.rpm
boost-devel-1.33.1-16.el5_9.i386.rpm
boost-devel-1.33.1-16.el5_9.x86_64.rpm
i386
boost-1.33.1-16.el5_9.i386.rpm
boost-debuginfo-1.33.1-16.el5_9.i386.rpm
boost-doc-1.33.1-16.el5_9.i386.rpm
boost-devel-1.33.1-16.el5_9.i386.rpm
SL6
x86_64
boost-1.41.0-15.el6_4.x86_64.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.x86_64.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.x86_64.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.x86_64.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.x86_64.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.x86_64.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.x86_64.rpm
boost-python-1.41.0-15.el6_4.x86_64.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.x86_64.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.x86_64.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.x86_64.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.x86_64.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.x86_64.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.x86_64.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.x86_64.rpm
boost-devel-1.41.0-15.el6_4.x86_64.rpm
boost-doc-1.41.0-15.el6_4.x86_64.rpm
boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-math-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm
boost-static-1.41.0-15.el6_4.x86_64.rpm
i386
boost-1.41.0-15.el6_4.i686.rpm
boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-debuginfo-1.41.0-15.el6_4.i686.rpm
boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-graph-1.41.0-15.el6_4.i686.rpm
boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-python-1.41.0-15.el6_4.i686.rpm
boost-regex-1.41.0-15.el6_4.i686.rpm
boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-signals-1.41.0-15.el6_4.i686.rpm
boost-system-1.41.0-15.el6_4.i686.rpm
boost-test-1.41.0-15.el6_4.i686.rpm
boost-thread-1.41.0-15.el6_4.i686.rpm
boost-wave-1.41.0-15.el6_4.i686.rpm
boost-devel-1.41.0-15.el6_4.i686.rpm
boost-doc-1.41.0-15.el6_4.i686.rpm
boost-graph-mpich2-1.41.0-15.el6_4.i686.rpm
boost-graph-openmpi-1.41.0-15.el6_4.i686.rpm
boost-math-1.41.0-15.el6_4.i686.rpm
boost-mpich2-1.41.0-15.el6_4.i686.rpm
boost-mpich2-devel-1.41.0-15.el6_4.i686.rpm
boost-mpich2-python-1.41.0-15.el6_4.i686.rpm
boost-openmpi-1.41.0-15.el6_4.i686.rpm
boost-openmpi-devel-1.41.0-15.el6_4.i686.rpm
boost-openmpi-python-1.41.0-15.el6_4.i686.rpm
boost-static-1.41.0-15.el6_4.i686.rpm

– Scientific Linux Development Team