Gentoo FoundationMGASA-2014-0460Updated boinc-client packages fix security vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.008 Low
EPSS
Percentile
81.6%
Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing (BOINC) client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when processed would lead to boinc-client executable crash (CVE-2013-2298). Issues preventing the boinc-client service from working immediately after installation have been fixed as well.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 3 | noarch | boinc-client | < 7.2.42-1.2 | boinc-client-7.2.42-1.2.mga3 |
| Mageia | 4 | noarch | boinc-client | < 7.2.42-1.2 | boinc-client-7.2.42-1.2.mga4 |
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.008 Low
EPSS
Percentile
81.6%