{"cve": [{"lastseen": "2016-09-03T16:40:05", "bulletinFamily": "NVD", "description": "Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.", "modified": "2013-12-05T00:14:10", "published": "2012-07-25T15:55:03", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2677", "id": "CVE-2012-2677", "title": "CVE-2012-2677", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2019-02-20T21:07:40", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 416372 (BIG-IP and BIG-IQ), ID 530267 (Enterprise Manager), and LRS-55554 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H532538 on the **Diagnostics **> **Identified **> **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 HF1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP AAM| 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 HF1| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP AFM| 11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 HF1| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP Analytics| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 HF1| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP APM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 HF1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP ASM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 HF1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| boost memory allocator \nBIG-IP GTM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 HF1 \n10.0.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP Link Controller| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 HF1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP PEM| 11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 HF1| 12.0.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| boost memory allocator \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None| Low| boost memory allocator \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None| Low| boost memory allocator \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None| Low| boost memory allocator \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| boost memory allocator \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| boost memory allocator \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| boost memory allocator \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| boost memory allocator \nBIG-IQ ADC| 4.5.0| None| Low| boost memory allocator \nLineRate| 2.5.0 - 2.6.0| None| Low| boost memory allocator \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity **value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2018-06-10T01:58:00", "published": "2015-07-10T21:52:00", "id": "F5:K16946", "href": "https://support.f5.com/csp/article/K16946", "title": "Boost memory allocator vulnerability CVE-2012-2677", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:19", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2016-09-01T00:00:00", "published": "2015-07-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16946.html", "id": "SOL16946", "title": "SOL16946 - Boost memory allocator vulnerability CVE-2012-2677", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-02T10:57:40", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2017-12-27T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864496", "id": "OPENVAS:864496", "title": "Fedora Update for boost FEDORA-2012-9818", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for boost FEDORA-2012-9818\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"boost on Fedora 17\";\ntag_insight = \"Boost provides free peer-reviewed portable C++ source libraries. The\n emphasis is on libraries which work well with the C++ Standard\n Library, in the hopes of establishing "existing practice" for\n extensions and providing reference implementations so that the Boost\n libraries are suitable for eventual standardization. (Some of the\n libraries have already been proposed for inclusion in the C++\n Standards Committee's upcoming C++ Standard Library Technical Report.)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html\");\n script_id(864496);\n script_cve_id(\"CVE-2012-2677\");\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:00 +0530 (Thu, 30 Aug 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9818\");\n script_name(\"Fedora Update for boost FEDORA-2012-9818\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.48.0~13.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:29", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-01-25T00:00:00", "published": "2013-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870968", "id": "OPENVAS:870968", "title": "RedHat Update for boost RHSA-2013:0668-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for boost RHSA-2013:0668-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The boost packages provide free, peer-reviewed, portable C++ source\n libraries with emphasis on libraries which work well with the C++ Standard\n Library.\n\n A flaw was found in the way the ordered_malloc() routine in Boost sanitized\n the 'next_size' and 'max_size' parameters when allocating memory. If an\n application used the Boost C++ libraries for memory allocation, and\n performed memory allocation based on user-supplied input, an attacker could\n use this flaw to crash the application or, potentially, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2012-2677)\n\n All users of boost are advised to upgrade to these updated packages, which\n contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"boost on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00061.html\");\n script_id(870968);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:04 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-2677\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0668-01\");\n script_name(\"RedHat Update for boost RHSA-2013:0668-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-date-time\", rpm:\"boost-date-time~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-debuginfo\", rpm:\"boost-debuginfo~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-filesystem\", rpm:\"boost-filesystem~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph\", rpm:\"boost-graph~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-iostreams\", rpm:\"boost-iostreams~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-program-options\", rpm:\"boost-program-options~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-python\", rpm:\"boost-python~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-regex\", rpm:\"boost-regex~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-serialization\", rpm:\"boost-serialization~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-signals\", rpm:\"boost-signals~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-system\", rpm:\"boost-system~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-test\", rpm:\"boost-test~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-thread\", rpm:\"boost-thread~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-wave\", rpm:\"boost-wave~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-debuginfo\", rpm:\"boost-debuginfo~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-doc\", rpm:\"boost-doc~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:34", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-01-17T00:00:00", "published": "2013-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881694", "id": "OPENVAS:881694", "title": "CentOS Update for boost CESA-2013:0668 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for boost CESA-2013:0668 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The boost packages provide free, peer-reviewed, portable C++ source\n libraries with emphasis on libraries which work well with the C++ Standard\n Library.\n\n A flaw was found in the way the ordered_malloc() routine in Boost sanitized\n the 'next_size' and 'max_size' parameters when allocating memory. If an\n application used the Boost C++ libraries for memory allocation, and\n performed memory allocation based on user-supplied input, an attacker could\n use this flaw to crash the application or, potentially, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2012-2677)\n\n All users of boost are advised to upgrade to these updated packages, which\n contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"boost on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019659.html\");\n script_id(881694);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:36 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-2677\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0668\");\n script_name(\"CentOS Update for boost CESA-2013:0668 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.33.1~16.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.33.1~16.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-doc\", rpm:\"boost-doc~1.33.1~16.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:14", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-02-05T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864496", "title": "Fedora Update for boost FEDORA-2012-9818", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for boost FEDORA-2012-9818\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"boost on Fedora 17\";\ntag_insight = \"Boost provides free peer-reviewed portable C++ source libraries. The\n emphasis is on libraries which work well with the C++ Standard\n Library, in the hopes of establishing "existing practice" for\n extensions and providing reference implementations so that the Boost\n libraries are suitable for eventual standardization. (Some of the\n libraries have already been proposed for inclusion in the C++\n Standards Committee's upcoming C++ Standard Library Technical Report.)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864496\");\n script_cve_id(\"CVE-2012-2677\");\n script_version(\"$Revision: 8671 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:38:48 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:00 +0530 (Thu, 30 Aug 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9818\");\n script_name(\"Fedora Update for boost FEDORA-2012-9818\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.48.0~13.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:00", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-04-06T00:00:00", "published": "2013-03-22T00:00:00", "id": "OPENVAS:1361412562310881694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881694", "title": "CentOS Update for boost CESA-2013:0668 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for boost CESA-2013:0668 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The boost packages provide free, peer-reviewed, portable C++ source\n libraries with emphasis on libraries which work well with the C++ Standard\n Library.\n\n A flaw was found in the way the ordered_malloc() routine in Boost sanitized\n the 'next_size' and 'max_size' parameters when allocating memory. If an\n application used the Boost C++ libraries for memory allocation, and\n performed memory allocation based on user-supplied input, an attacker could\n use this flaw to crash the application or, potentially, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2012-2677)\n\n All users of boost are advised to upgrade to these updated packages, which\n contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"boost on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019659.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881694\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:36 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-2677\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0668\");\n script_name(\"CentOS Update for boost CESA-2013:0668 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.33.1~16.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.33.1~16.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-doc\", rpm:\"boost-doc~1.33.1~16.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:49", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-04-06T00:00:00", "published": "2013-03-22T00:00:00", "id": "OPENVAS:1361412562310881695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881695", "title": "CentOS Update for boost CESA-2013:0668 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for boost CESA-2013:0668 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The boost packages provide free, peer-reviewed, portable C++ source\n libraries with emphasis on libraries which work well with the C++ Standard\n Library.\n\n A flaw was found in the way the ordered_malloc() routine in Boost sanitized\n the 'next_size' and 'max_size' parameters when allocating memory. If an\n application used the Boost C++ libraries for memory allocation, and\n performed memory allocation based on user-supplied input, an attacker could\n use this flaw to crash the application or, potentially, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2012-2677)\n\n All users of boost are advised to upgrade to these updated packages, which\n contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"boost on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019661.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881695\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:39 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-2677\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0668\");\n script_name(\"CentOS Update for boost CESA-2013:0668 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-date-time\", rpm:\"boost-date-time~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-doc\", rpm:\"boost-doc~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-filesystem\", rpm:\"boost-filesystem~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph\", rpm:\"boost-graph~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph-mpich2\", rpm:\"boost-graph-mpich2~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph-openmpi\", rpm:\"boost-graph-openmpi~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-iostreams\", rpm:\"boost-iostreams~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-math\", rpm:\"boost-math~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-mpich2\", rpm:\"boost-mpich2~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-mpich2-devel\", rpm:\"boost-mpich2-devel~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-mpich2-python\", rpm:\"boost-mpich2-python~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-openmpi\", rpm:\"boost-openmpi~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-openmpi-devel\", rpm:\"boost-openmpi-devel~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-openmpi-python\", rpm:\"boost-openmpi-python~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-program-options\", rpm:\"boost-program-options~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-python\", rpm:\"boost-python~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-regex\", rpm:\"boost-regex~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-serialization\", rpm:\"boost-serialization~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-signals\", rpm:\"boost-signals~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-static\", rpm:\"boost-static~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-system\", rpm:\"boost-system~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-test\", rpm:\"boost-test~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-thread\", rpm:\"boost-thread~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-wave\", rpm:\"boost-wave~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:25", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-01-18T00:00:00", "published": "2013-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881695", "id": "OPENVAS:881695", "title": "CentOS Update for boost CESA-2013:0668 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for boost CESA-2013:0668 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The boost packages provide free, peer-reviewed, portable C++ source\n libraries with emphasis on libraries which work well with the C++ Standard\n Library.\n\n A flaw was found in the way the ordered_malloc() routine in Boost sanitized\n the 'next_size' and 'max_size' parameters when allocating memory. If an\n application used the Boost C++ libraries for memory allocation, and\n performed memory allocation based on user-supplied input, an attacker could\n use this flaw to crash the application or, potentially, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2012-2677)\n\n All users of boost are advised to upgrade to these updated packages, which\n contain a backported patch to fix this issue.\";\n\n\ntag_affected = \"boost on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019661.html\");\n script_id(881695);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:39 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-2677\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0668\");\n script_name(\"CentOS Update for boost CESA-2013:0668 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-date-time\", rpm:\"boost-date-time~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-doc\", rpm:\"boost-doc~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-filesystem\", rpm:\"boost-filesystem~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph\", rpm:\"boost-graph~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph-mpich2\", rpm:\"boost-graph-mpich2~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph-openmpi\", rpm:\"boost-graph-openmpi~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-iostreams\", rpm:\"boost-iostreams~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-math\", rpm:\"boost-math~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-mpich2\", rpm:\"boost-mpich2~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-mpich2-devel\", rpm:\"boost-mpich2-devel~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-mpich2-python\", rpm:\"boost-mpich2-python~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-openmpi\", rpm:\"boost-openmpi~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-openmpi-devel\", rpm:\"boost-openmpi-devel~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-openmpi-python\", rpm:\"boost-openmpi-python~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-program-options\", rpm:\"boost-program-options~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-python\", rpm:\"boost-python~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-regex\", rpm:\"boost-regex~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-serialization\", rpm:\"boost-serialization~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-signals\", rpm:\"boost-signals~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-static\", rpm:\"boost-static~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-system\", rpm:\"boost-system~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-test\", rpm:\"boost-test~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-thread\", rpm:\"boost-thread~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-wave\", rpm:\"boost-wave~1.41.0~15.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:15:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-03-22T00:00:00", "id": "OPENVAS:1361412562310870968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870968", "title": "RedHat Update for boost RHSA-2013:0668-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for boost RHSA-2013:0668-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00061.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870968\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:04 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2012-2677\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2013:0668-01\");\n script_name(\"RedHat Update for boost RHSA-2013:0668-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'boost'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"boost on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The boost packages provide free, peer-reviewed, portable C++ source\n libraries with emphasis on libraries which work well with the C++ Standard\n Library.\n\n A flaw was found in the way the ordered_malloc() routine in Boost sanitized\n the 'next_size' and 'max_size' parameters when allocating memory. If an\n application used the Boost C++ libraries for memory allocation, and\n performed memory allocation based on user-supplied input, an attacker could\n use this flaw to crash the application or, potentially, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2012-2677)\n\n All users of boost are advised to upgrade to these updated packages, which\n contain a backported patch to fix this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-date-time\", rpm:\"boost-date-time~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-debuginfo\", rpm:\"boost-debuginfo~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-filesystem\", rpm:\"boost-filesystem~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-graph\", rpm:\"boost-graph~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-iostreams\", rpm:\"boost-iostreams~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-program-options\", rpm:\"boost-program-options~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-python\", rpm:\"boost-python~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-regex\", rpm:\"boost-regex~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-serialization\", rpm:\"boost-serialization~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-signals\", rpm:\"boost-signals~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-system\", rpm:\"boost-system~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-test\", rpm:\"boost-test~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-thread\", rpm:\"boost-thread~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-wave\", rpm:\"boost-wave~1.41.0~15.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-debuginfo\", rpm:\"boost-debuginfo~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-devel\", rpm:\"boost-devel~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"boost-doc\", rpm:\"boost-doc~1.33.1~16.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:24", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-04-06T00:00:00", "published": "2012-07-06T00:00:00", "id": "OPENVAS:1361412562310864531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864531", "title": "Fedora Update for boost FEDORA-2012-9029", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for boost FEDORA-2012-9029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"boost on Fedora 16\";\ntag_insight = \"Boost provides free peer-reviewed portable C++ source libraries. The\n emphasis is on libraries which work well with the C++ Standard\n Library, in the hopes of establishing "existing practice" for\n extensions and providing reference implementations so that the Boost\n libraries are suitable for eventual standardization. (Some of the\n libraries have already been proposed for inclusion in the C++\n Standards Committee's upcoming C++ Standard Library Technical Report.)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083416.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864531\");\n script_cve_id(\"CVE-2012-2677\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-06 09:58:31 +0530 (Fri, 06 Jul 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9029\");\n script_name(\"Fedora Update for boost FEDORA-2012-9029\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.47.0~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:49", "bulletinFamily": "scanner", "description": "Check for the Version of boost", "modified": "2018-01-05T00:00:00", "published": "2012-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864531", "id": "OPENVAS:864531", "title": "Fedora Update for boost FEDORA-2012-9029", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for boost FEDORA-2012-9029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"boost on Fedora 16\";\ntag_insight = \"Boost provides free peer-reviewed portable C++ source libraries. The\n emphasis is on libraries which work well with the C++ Standard\n Library, in the hopes of establishing "existing practice" for\n extensions and providing reference implementations so that the Boost\n libraries are suitable for eventual standardization. (Some of the\n libraries have already been proposed for inclusion in the C++\n Standards Committee's upcoming C++ Standard Library Technical Report.)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083416.html\");\n script_id(864531);\n script_cve_id(\"CVE-2012-2677\");\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-06 09:58:31 +0530 (Fri, 06 Jul 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9029\");\n script_name(\"Fedora Update for boost FEDORA-2012-9029\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of boost\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"boost\", rpm:\"boost~1.47.0~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:41", "bulletinFamily": "unix", "description": "[1.41.0-15]\n- Add in explicit dependences between some boost subpackages\n[1.41.0-14]\n- Build with -fno-strict-aliasing\n[1.41.0-13]\n- In Boost.Pool, be careful not to overflow allocated chunk size\n (boost-1.41.0-pool.patch)\n[1.41.0-12]\n- Add an upstream patch that fixes computation of CRC in zlib streams.\n- Resolves: #707624", "modified": "2013-03-21T00:00:00", "published": "2013-03-21T00:00:00", "id": "ELSA-2013-0668", "href": "http://linux.oracle.com/errata/ELSA-2013-0668.html", "title": "boost security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:42", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0668 :\n\nUpdated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library.\n\nA flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.", "modified": "2016-05-06T00:00:00", "id": "ORACLELINUX_ELSA-2013-0668.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68794", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : boost (ELSA-2013-0668)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0668 and \n# Oracle Linux Security Advisory ELSA-2013-0668 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68794);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/06 17:02:15 $\");\n\n script_cve_id(\"CVE-2012-2677\");\n script_bugtraq_id(54233);\n script_xref(name:\"RHSA\", value:\"2013:0668\");\n\n script_name(english:\"Oracle Linux 5 / 6 : boost (ELSA-2013-0668)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0668 :\n\nUpdated boost packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe boost packages provide free, peer-reviewed, portable C++ source\nlibraries with emphasis on libraries which work well with the C++\nStandard Library.\n\nA flaw was found in the way the ordered_malloc() routine in Boost\nsanitized the 'next_size' and 'max_size' parameters when allocating\nmemory. If an application used the Boost C++ libraries for memory\nallocation, and performed memory allocation based on user-supplied\ninput, an attacker could use this flaw to crash the application or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages,\nwhich contain a backported patch to fix this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003379.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003381.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected boost packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-date-time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-graph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-graph-mpich2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-graph-openmpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-iostreams\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-mpich2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-mpich2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-mpich2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-openmpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-openmpi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-openmpi-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-program-options\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-regex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-serialization\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-signals\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-thread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:boost-wave\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"boost-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"boost-devel-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"boost-doc-1.33.1-16.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"boost-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-date-time-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-doc-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-filesystem-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-graph-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-graph-mpich2-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-graph-openmpi-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-iostreams-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-math-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-mpich2-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-mpich2-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-mpich2-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-openmpi-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-openmpi-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-openmpi-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-program-options-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-regex-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-serialization-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-signals-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-static-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-system-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-test-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-thread-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"boost-wave-1.41.0-15.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"boost / boost-date-time / boost-devel / boost-doc / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:04", "bulletinFamily": "scanner", "description": "Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. (CVE-2012-2677)", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL16946.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85954", "published": "2015-09-16T00:00:00", "title": "F5 Networks BIG-IP : Boost memory allocator vulnerability (K16946)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16946.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85954);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2012-2677\");\n script_bugtraq_id(54233);\n\n script_name(english:\"F5 Networks BIG-IP : Boost memory allocator vulnerability (K16946)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflow in the ordered_malloc function in boost/pool/pool.hpp\nin Boost Pool before 3.9 makes it easier for context-dependent\nattackers to perform memory-related attacks such as buffer overflows\nvia a large memory chunk size value, which causes less memory to be\nallocated than expected. (CVE-2012-2677)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16946\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16946.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16946\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.3.0-11.5.4HF1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.4.0-11.5.4HF1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4HF1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4HF1\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4HF1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4HF1\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1HF1\",\"11.5.4HF2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4HF1\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.0.0-11.5.4HF1\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.6.0-11.6.1\",\"11.3.0-11.5.4HF1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:54", "bulletinFamily": "scanner", "description": "- This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size.\n This could have security implications for applications that use Boost pool without sanitizing pool parameters.\n\n - Boost.Locale library now contains backend code, which was left out before by mistake.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2012-9818.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59745", "published": "2012-06-28T00:00:00", "title": "Fedora 17 : boost-1.48.0-13.fc17 (2012-9818)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9818.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59745);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/20 23:02:22 $\");\n\n script_cve_id(\"CVE-2012-2677\");\n script_xref(name:\"FEDORA\", value:\"2012-9818\");\n\n script_name(english:\"Fedora 17 : boost-1.48.0-13.fc17 (2012-9818)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - This update fixes a bug in Boost.Pool, which could under\n certain circumstances overflow allocated chunk size.\n This could have security implications for applications\n that use Boost pool without sanitizing pool parameters.\n\n - Boost.Locale library now contains backend code, which\n was left out before by mistake.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=828857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=832265\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0430cc84\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected boost package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:boost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"boost-1.48.0-13.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"boost\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:55", "bulletinFamily": "scanner", "description": "- This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size.\n This could have security implications for applications that use Boost pool without sanitizing pool parameters.\n\n - Add a sub-package boost-math with math-related bits from Boost.TR1. This was left out by mistake.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-05-09T00:00:00", "id": "FEDORA_2012-9029.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59840", "published": "2012-07-05T00:00:00", "title": "Fedora 16 : boost-1.47.0-7.fc16 (2012-9029)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9029.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59840);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:36:31 $\");\n\n script_cve_id(\"CVE-2012-2677\");\n script_bugtraq_id(54233);\n script_xref(name:\"FEDORA\", value:\"2012-9029\");\n\n script_name(english:\"Fedora 16 : boost-1.47.0-7.fc16 (2012-9029)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - This update fixes a bug in Boost.Pool, which could under\n certain circumstances overflow allocated chunk size.\n This could have security implications for applications\n that use Boost pool without sanitizing pool parameters.\n\n - Add a sub-package boost-math with math-related bits\n from Boost.TR1. This was left out by mistake.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=771370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=828857\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc1ebb5b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected boost package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:boost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"boost-1.47.0-7.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"boost\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:44", "bulletinFamily": "scanner", "description": "Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library.\n\nA flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2013-0668.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65644", "published": "2013-03-22T00:00:00", "title": "CentOS 5 / 6 : boost (CESA-2013:0668)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0668 and \n# CentOS Errata and Security Advisory 2013:0668 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65644);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-2677\");\n script_xref(name:\"RHSA\", value:\"2013:0668\");\n\n script_name(english:\"CentOS 5 / 6 : boost (CESA-2013:0668)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated boost packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe boost packages provide free, peer-reviewed, portable C++ source\nlibraries with emphasis on libraries which work well with the C++\nStandard Library.\n\nA flaw was found in the way the ordered_malloc() routine in Boost\nsanitized the 'next_size' and 'max_size' parameters when allocating\nmemory. If an application used the Boost C++ libraries for memory\nallocation, and performed memory allocation based on user-supplied\ninput, an attacker could use this flaw to crash the application or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages,\nwhich contain a backported patch to fix this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf29c22d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019661.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?578b6b5d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected boost packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-date-time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-graph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-graph-mpich2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-graph-openmpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-iostreams\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-mpich2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-mpich2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-mpich2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-openmpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-openmpi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-openmpi-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-program-options\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-regex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-serialization\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-signals\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-thread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:boost-wave\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"boost-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"boost-devel-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"boost-doc-1.33.1-16.el5_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-date-time-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-doc-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-filesystem-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-graph-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-graph-mpich2-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-graph-openmpi-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-iostreams-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-math-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-mpich2-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-mpich2-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-mpich2-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-openmpi-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-openmpi-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-openmpi-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-program-options-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-regex-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-serialization-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-signals-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-static-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-system-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-test-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-thread-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"boost-wave-1.41.0-15.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:44", "bulletinFamily": "scanner", "description": "A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677)", "modified": "2018-12-31T00:00:00", "id": "SL_20130321_BOOST_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65653", "published": "2013-03-22T00:00:00", "title": "Scientific Linux Security Update : boost on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65653);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-2677\");\n\n script_name(english:\"Scientific Linux Security Update : boost on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the ordered_malloc() routine in Boost\nsanitized the 'next_size' and 'max_size' parameters when allocating\nmemory. If an application used the Boost C++ libraries for memory\nallocation, and performed memory allocation based on user-supplied\ninput, an attacker could use this flaw to crash the application or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-2677)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=5520\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f3ec990\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"boost-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"boost-debuginfo-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"boost-devel-1.33.1-16.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"boost-doc-1.33.1-16.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"boost-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-date-time-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-debuginfo-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-doc-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-filesystem-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-graph-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-graph-mpich2-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-graph-openmpi-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-iostreams-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-math-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-mpich2-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-mpich2-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-mpich2-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-openmpi-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-openmpi-devel-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-openmpi-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-program-options-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-python-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-regex-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-serialization-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-signals-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-static-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-system-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-test-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-thread-1.41.0-15.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"boost-wave-1.41.0-15.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:57", "bulletinFamily": "scanner", "description": "Two problems have been fixed in the boost library :\n\n - boost::pool's ordered_malloc could have overflowed when calculating the allocation size. (CVE-2012-2677)\n\n - fully qualify the the boost::date_time::dst_adjustment_offsets (non security).", "modified": "2012-07-27T00:00:00", "id": "SUSE_BOOST-8210.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59983", "published": "2012-07-17T00:00:00", "title": "SuSE 10 Security Update : boost (ZYPP Patch Number 8210)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59983);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2012/07/27 10:51:00 $\");\n\n script_cve_id(\"CVE-2012-2677\");\n\n script_name(english:\"SuSE 10 Security Update : boost (ZYPP Patch Number 8210)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two problems have been fixed in the boost library :\n\n - boost::pool's ordered_malloc could have overflowed when\n calculating the allocation size. (CVE-2012-2677)\n\n - fully qualify the the\n boost::date_time::dst_adjustment_offsets (non security).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2677.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8210.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"boost-1.33.1-17.15.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"boost-32bit-1.33.1-17.15.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"boost-1.33.1-17.15.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"boost-devel-1.33.1-17.15.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"boost-doc-1.33.1-17.15.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"boost-32bit-1.33.1-17.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:44", "bulletinFamily": "scanner", "description": "Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library.\n\nA flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2013-0668.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65651", "published": "2013-03-22T00:00:00", "title": "RHEL 5 / 6 : boost (RHSA-2013:0668)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0668. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65651);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2012-2677\");\n script_xref(name:\"RHSA\", value:\"2013:0668\");\n\n script_name(english:\"RHEL 5 / 6 : boost (RHSA-2013:0668)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated boost packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe boost packages provide free, peer-reviewed, portable C++ source\nlibraries with emphasis on libraries which work well with the C++\nStandard Library.\n\nA flaw was found in the way the ordered_malloc() routine in Boost\nsanitized the 'next_size' and 'max_size' parameters when allocating\nmemory. If an application used the Boost C++ libraries for memory\nallocation, and performed memory allocation based on user-supplied\ninput, an attacker could use this flaw to crash the application or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages,\nwhich contain a backported patch to fix this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2677\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-date-time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-graph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-graph-mpich2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-graph-openmpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-iostreams\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-mpich2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-mpich2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-mpich2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-openmpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-openmpi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-openmpi-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-program-options\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-regex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-serialization\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-signals\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-thread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:boost-wave\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0668\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"boost-1.33.1-16.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"boost-debuginfo-1.33.1-16.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"boost-devel-1.33.1-16.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"boost-doc-1.33.1-16.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"boost-doc-1.33.1-16.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"boost-doc-1.33.1-16.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"boost-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-date-time-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-debuginfo-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"boost-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-doc-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"boost-doc-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-doc-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-filesystem-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-graph-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-graph-mpich2-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-graph-mpich2-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-graph-openmpi-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-graph-openmpi-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-iostreams-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-math-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"boost-math-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-math-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-mpich2-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-mpich2-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-mpich2-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-mpich2-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-mpich2-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-mpich2-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-openmpi-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-openmpi-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-openmpi-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-openmpi-devel-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-openmpi-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-openmpi-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-program-options-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"boost-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-python-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-regex-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-serialization-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-signals-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"boost-static-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"boost-static-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"boost-static-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-system-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-test-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-thread-1.41.0-15.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"boost-wave-1.41.0-15.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"boost / boost-date-time / boost-debuginfo / boost-devel / boost-doc / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:50", "bulletinFamily": "scanner", "description": "Updated boost packages fix security vulnerability :\n\nA security flaw was found in the way ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed 'next-size' and 'max_size' parameters sanitization, when allocating memory. If an application, using the Boost C++ source libraries for memory allocation, was missing application-level checks for safety of 'next_size' and 'max_size' values, a remote attacker could provide a specially crafted application-specific file (requiring runtime memory allocation it to be processed correctly) that, when opened would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application (CVE-2012-2677).\n\nBoost.Locale library in Boost 1.48 to 1.52 including has a security flaw (CVE-2013-0252): boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequece would be considered as valid.\n\nThe package has been patched to fix above security flaw.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2013-065.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66079", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : boost (MDVSA-2013:065)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:065. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66079);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-2677\", \"CVE-2013-0252\");\n script_bugtraq_id(54233, 57675);\n script_xref(name:\"MDVSA\", value:\"2013:065\");\n script_xref(name:\"MGASA\", value:\"2012-0151\");\n script_xref(name:\"MGASA\", value:\"2013-0061\");\n\n script_name(english:\"Mandriva Linux Security Advisory : boost (MDVSA-2013:065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated boost packages fix security vulnerability :\n\nA security flaw was found in the way ordered_malloc() routine\nimplementation in Boost, the free peer-reviewed portable C++ source\nlibraries, performed 'next-size' and 'max_size' parameters\nsanitization, when allocating memory. If an application, using the\nBoost C++ source libraries for memory allocation, was missing\napplication-level checks for safety of 'next_size' and 'max_size'\nvalues, a remote attacker could provide a specially crafted\napplication-specific file (requiring runtime memory allocation it to\nbe processed correctly) that, when opened would lead to that\napplication crash, or, potentially arbitrary code execution with the\nprivileges of the user running the application (CVE-2012-2677).\n\nBoost.Locale library in Boost 1.48 to 1.52 including has a security\nflaw (CVE-2013-0252): boost::locale::utf::utf_traits accepted some\ninvalid UTF-8 sequences. Applications that used these functions for\nUTF-8 input validation could expose themselves to security threats as\ninvalid UTF-8 sequece would be considered as valid.\n\nThe package has been patched to fix above security flaw.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:boost-devel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:boost-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_chrono1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_date_time1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_filesystem1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_graph1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_iostreams1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_locale1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_math1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_prg_exec_monitor1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_program_options1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_python1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_random1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_regex1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_serialization1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_signals1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_system1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_thread1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_timer1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_unit_test_framework1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_wave1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64boost_wserialization1.48.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"boost-devel-doc-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"boost-examples-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost-devel-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost-static-devel-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_chrono1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_date_time1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_filesystem1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_graph1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_iostreams1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_locale1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_math1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_prg_exec_monitor1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_program_options1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_python1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_random1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_regex1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_serialization1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_signals1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_system1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_thread1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_timer1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_unit_test_framework1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_wave1.48.0-1.48.0-10.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64boost_wserialization1.48.0-1.48.0-10.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:40:42", "bulletinFamily": "unix", "description": "The boost packages provide free, peer-reviewed, portable C++ source\nlibraries with emphasis on libraries which work well with the C++ Standard\nLibrary.\n\nA flaw was found in the way the ordered_malloc() routine in Boost sanitized\nthe 'next_size' and 'max_size' parameters when allocating memory. If an\napplication used the Boost C++ libraries for memory allocation, and\nperformed memory allocation based on user-supplied input, an attacker could\nuse this flaw to crash the application or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages, which\ncontain a backported patch to fix this issue.\n", "modified": "2018-06-06T20:24:22", "published": "2013-03-21T04:00:00", "id": "RHSA-2013:0668", "href": "https://access.redhat.com/errata/RHSA-2013:0668", "type": "redhat", "title": "(RHSA-2013:0668) Moderate: boost security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:02", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0668\n\n\nThe boost packages provide free, peer-reviewed, portable C++ source\nlibraries with emphasis on libraries which work well with the C++ Standard\nLibrary.\n\nA flaw was found in the way the ordered_malloc() routine in Boost sanitized\nthe 'next_size' and 'max_size' parameters when allocating memory. If an\napplication used the Boost C++ libraries for memory allocation, and\nperformed memory allocation based on user-supplied input, an attacker could\nuse this flaw to crash the application or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2012-2677)\n\nAll users of boost are advised to upgrade to these updated packages, which\ncontain a backported patch to fix this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019659.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019661.html\n\n**Affected packages:**\nboost\nboost-date-time\nboost-devel\nboost-doc\nboost-filesystem\nboost-graph\nboost-graph-mpich2\nboost-graph-openmpi\nboost-iostreams\nboost-math\nboost-mpich2\nboost-mpich2-devel\nboost-mpich2-python\nboost-openmpi\nboost-openmpi-devel\nboost-openmpi-python\nboost-program-options\nboost-python\nboost-regex\nboost-serialization\nboost-signals\nboost-static\nboost-system\nboost-test\nboost-thread\nboost-wave\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0668.html", "modified": "2013-03-21T22:37:55", "published": "2013-03-21T19:01:31", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019659.html", "id": "CESA-2013:0668", "title": "boost security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}