Advisories ยป MGASA-2014-0460

Updated boinc-client packages fix security vulnerability

Publication date: 21 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-2298

Description

Multiple stack overflow flaws were found in the way the XML parser of
boinc-client, a Berkeley Open Infrastructure for Network Computing (BOINC)
client for distributed computing, performed processing of certain XML files.
A rogue BOINC server could provide a specially-crafted XML file that, when
processed would lead to boinc-client executable crash (CVE-2013-2298).

Issues preventing the boinc-client service from working immediately after
installation have been fixed as well.
                

References

SRPMS

3/core

4/core