Moderate CentOS boost Update

Metadata

medium
5.0
boost-1.33.1-16.el5_9.i386.rpm, boost-1.33.1-16.el5_9.src.rpm, boost-1.33.1-16.el5_9.x86_64.rpm, boost-1.41.0-15.el6_4.i686.rpm, boost-1.41.0-15.el6_4.src.rpm, boost-1.41.0-15.el6_4.x86_64.rpm, boost-date-time-1.41.0-15.el6_4.i686.rpm, boost-date-time-1.41.0-15.el6_4.x86_64.rpm, boost-devel-1.33.1-16.el5_9.i386.rpm, boost-devel-1.33.1-16.el5_9.x86_64.rpm, boost-devel-1.41.0-15.el6_4.i686.rpm, boost-devel-1.41.0-15.el6_4.x86_64.rpm, boost-doc-1.33.1-16.el5_9.i386.rpm, boost-doc-1.33.1-16.el5_9.x86_64.rpm, boost-doc-1.41.0-15.el6_4.i686.rpm, boost-doc-1.41.0-15.el6_4.x86_64.rpm, boost-filesystem-1.41.0-15.el6_4.i686.rpm, boost-filesystem-1.41.0-15.el6_4.x86_64.rpm, boost-graph-1.41.0-15.el6_4.i686.rpm, boost-graph-1.41.0-15.el6_4.x86_64.rpm, boost-graph-mpich2-1.41.0-15.el6_4.i686.rpm, boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm, boost-graph-openmpi-1.41.0-15.el6_4.i686.rpm, boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm, boost-iostreams-1.41.0-15.el6_4.i686.rpm, boost-iostreams-1.41.0-15.el6_4.x86_64.rpm, boost-math-1.41.0-15.el6_4.i686.rpm, boost-math-1.41.0-15.el6_4.x86_64.rpm, boost-mpich2-1.41.0-15.el6_4.i686.rpm, boost-mpich2-1.41.0-15.el6_4.x86_64.rpm, boost-mpich2-devel-1.41.0-15.el6_4.i686.rpm, boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm, boost-mpich2-python-1.41.0-15.el6_4.i686.rpm, boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm, boost-openmpi-1.41.0-15.el6_4.i686.rpm, boost-openmpi-1.41.0-15.el6_4.x86_64.rpm, boost-openmpi-devel-1.41.0-15.el6_4.i686.rpm, boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm, boost-openmpi-python-1.41.0-15.el6_4.i686.rpm, boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm, boost-program-options-1.41.0-15.el6_4.i686.rpm, boost-program-options-1.41.0-15.el6_4.x86_64.rpm, boost-python-1.41.0-15.el6_4.i686.rpm, boost-python-1.41.0-15.el6_4.x86_64.rpm, boost-regex-1.41.0-15.el6_4.i686.rpm, boost-regex-1.41.0-15.el6_4.x86_64.rpm, boost-serialization-1.41.0-15.el6_4.i686.rpm, boost-serialization-1.41.0-15.el6_4.x86_64.rpm, boost-signals-1.41.0-15.el6_4.i686.rpm, boost-signals-1.41.0-15.el6_4.x86_64.rpm, boost-static-1.41.0-15.el6_4.i686.rpm, boost-static-1.41.0-15.el6_4.x86_64.rpm, boost-system-1.41.0-15.el6_4.i686.rpm, boost-system-1.41.0-15.el6_4.x86_64.rpm, boost-test-1.41.0-15.el6_4.i686.rpm, boost-test-1.41.0-15.el6_4.x86_64.rpm, boost-thread-1.41.0-15.el6_4.i686.rpm, boost-thread-1.41.0-15.el6_4.x86_64.rpm, boost-wave-1.41.0-15.el6_4.i686.rpm, boost-wave-1.41.0-15.el6_4.x86_64.rpm
CVE-2012-2677
rhn.redhat.com, lists.centos.org, lists.centos.org
2013-04-21
2017-07-27 19:05
CVE-2012-2677 boost1.49
CVE-2012-2677
2017-04-01 19:06
2017-01-05 20:11

Description


Updated boost packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.

A flaw was found in the way the ordered_malloc() routine in Boost sanitized
the 'next_size' and 'max_size' parameters when allocating memory. If an
application used the Boost C++ libraries for memory allocation, and
performed memory allocation based on user-supplied input, an attacker could
use this flaw to crash the application or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2012-2677)

All users of boost are advised to upgrade to these updated packages, which
contain a backported patch to fix this issue.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
5 boost boost-1.33.1-16.el5_9.i386.rpm
boost boost-1.33.1-16.el5_9.src.rpm
boost boost-1.33.1-16.el5_9.x86_64.rpm
boost-devel boost-devel-1.33.1-16.el5_9.i386.rpm
boost-devel boost-devel-1.33.1-16.el5_9.x86_64.rpm
boost-doc boost-doc-1.33.1-16.el5_9.i386.rpm
boost-doc boost-doc-1.33.1-16.el5_9.x86_64.rpm
6 boost boost-1.41.0-15.el6_4.i686.rpm
boost boost-1.41.0-15.el6_4.src.rpm
boost boost-1.41.0-15.el6_4.x86_64.rpm
boost-date-time boost-date-time-1.41.0-15.el6_4.i686.rpm
boost-date-time boost-date-time-1.41.0-15.el6_4.x86_64.rpm
boost-devel boost-devel-1.41.0-15.el6_4.i686.rpm
boost-devel boost-devel-1.41.0-15.el6_4.x86_64.rpm
boost-doc boost-doc-1.41.0-15.el6_4.i686.rpm
boost-doc boost-doc-1.41.0-15.el6_4.x86_64.rpm
boost-filesystem boost-filesystem-1.41.0-15.el6_4.i686.rpm
boost-filesystem boost-filesystem-1.41.0-15.el6_4.x86_64.rpm
boost-graph boost-graph-1.41.0-15.el6_4.i686.rpm
boost-graph boost-graph-1.41.0-15.el6_4.x86_64.rpm
boost-graph-mpich2 boost-graph-mpich2-1.41.0-15.el6_4.i686.rpm
boost-graph-mpich2 boost-graph-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-graph-openmpi boost-graph-openmpi-1.41.0-15.el6_4.i686.rpm
boost-graph-openmpi boost-graph-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-iostreams boost-iostreams-1.41.0-15.el6_4.i686.rpm
boost-iostreams boost-iostreams-1.41.0-15.el6_4.x86_64.rpm
boost-math boost-math-1.41.0-15.el6_4.i686.rpm
boost-math boost-math-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2 boost-mpich2-1.41.0-15.el6_4.i686.rpm
boost-mpich2 boost-mpich2-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-devel boost-mpich2-devel-1.41.0-15.el6_4.i686.rpm
boost-mpich2-devel boost-mpich2-devel-1.41.0-15.el6_4.x86_64.rpm
boost-mpich2-python boost-mpich2-python-1.41.0-15.el6_4.i686.rpm
boost-mpich2-python boost-mpich2-python-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi boost-openmpi-1.41.0-15.el6_4.i686.rpm
boost-openmpi boost-openmpi-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-devel boost-openmpi-devel-1.41.0-15.el6_4.i686.rpm
boost-openmpi-devel boost-openmpi-devel-1.41.0-15.el6_4.x86_64.rpm
boost-openmpi-python boost-openmpi-python-1.41.0-15.el6_4.i686.rpm
boost-openmpi-python boost-openmpi-python-1.41.0-15.el6_4.x86_64.rpm
boost-program-options boost-program-options-1.41.0-15.el6_4.i686.rpm
boost-program-options boost-program-options-1.41.0-15.el6_4.x86_64.rpm
boost-python boost-python-1.41.0-15.el6_4.i686.rpm
boost-python boost-python-1.41.0-15.el6_4.x86_64.rpm
boost-regex boost-regex-1.41.0-15.el6_4.i686.rpm
boost-regex boost-regex-1.41.0-15.el6_4.x86_64.rpm
boost-serialization boost-serialization-1.41.0-15.el6_4.i686.rpm
boost-serialization boost-serialization-1.41.0-15.el6_4.x86_64.rpm
boost-signals boost-signals-1.41.0-15.el6_4.i686.rpm
boost-signals boost-signals-1.41.0-15.el6_4.x86_64.rpm
boost-static boost-static-1.41.0-15.el6_4.i686.rpm
boost-static boost-static-1.41.0-15.el6_4.x86_64.rpm
boost-system boost-system-1.41.0-15.el6_4.i686.rpm
boost-system boost-system-1.41.0-15.el6_4.x86_64.rpm
boost-test boost-test-1.41.0-15.el6_4.i686.rpm
boost-test boost-test-1.41.0-15.el6_4.x86_64.rpm
boost-thread boost-thread-1.41.0-15.el6_4.i686.rpm
boost-thread boost-thread-1.41.0-15.el6_4.x86_64.rpm
boost-wave boost-wave-1.41.0-15.el6_4.i686.rpm
boost-wave boost-wave-1.41.0-15.el6_4.x86_64.rpm