Updated boinc-client packages fix security vulnerability
Publication date: 21 Nov 2014Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-2298
Description
Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing (BOINC) client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when processed would lead to boinc-client executable crash (CVE-2013-2298). Issues preventing the boinc-client service from working immediately after installation have been fixed as well.
References
SRPMS
4/core
- boinc-client-7.2.42-1.2.mga4
3/core
- boinc-client-7.2.42-1.2.mga3