The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.
A flaw was found in the way the ordered_malloc() routine in Boost sanitized
the ‘next_size’ and ‘max_size’ parameters when allocating memory. If an
application used the Boost C++ libraries for memory allocation, and
performed memory allocation based on user-supplied input, an attacker could
use this flaw to crash the application or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2012-2677)
All users of boost are advised to upgrade to these updated packages, which
contain a backported patch to fix this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | boost-system | < 1.41.0-15.el6_4 | boost-system-1.41.0-15.el6_4.x86_64.rpm |
RedHat | 6 | i686 | boost-doc | < 1.41.0-15.el6_4 | boost-doc-1.41.0-15.el6_4.i686.rpm |
RedHat | 5 | x86_64 | boost | < 1.33.1-16.el5_9 | boost-1.33.1-16.el5_9.x86_64.rpm |
RedHat | 5 | s390x | boost-devel | < 1.33.1-16.el5_9 | boost-devel-1.33.1-16.el5_9.s390x.rpm |
RedHat | 5 | i386 | boost-devel | < 1.33.1-16.el5_9 | boost-devel-1.33.1-16.el5_9.i386.rpm |
RedHat | 6 | s390x | boost-python | < 1.41.0-15.el6_4 | boost-python-1.41.0-15.el6_4.s390x.rpm |
RedHat | 5 | i386 | boost-doc | < 1.33.1-16.el5_9 | boost-doc-1.33.1-16.el5_9.i386.rpm |
RedHat | 6 | s390x | boost-iostreams | < 1.41.0-15.el6_4 | boost-iostreams-1.41.0-15.el6_4.s390x.rpm |
RedHat | 6 | i686 | boost-iostreams | < 1.41.0-15.el6_4 | boost-iostreams-1.41.0-15.el6_4.i686.rpm |
RedHat | 6 | s390x | boost-wave | < 1.41.0-15.el6_4 | boost-wave-1.41.0-15.el6_4.s390x.rpm |