Red Hat Bugzilla – Bug 957775
CVE-2013-2019 boinc-client: Stack-overflow by processing XML element with multiple file signatures
Last modified: 2015-07-31 03:05:50 EDT
A stack overflow flaw was found in the way boinc-client, a Berkeley Open Infrastructure for Network Computing (BOINC) client for distributed computing, performed processing of file signatures in certain cases. A rogue BOINC server could provide a specially-crafted file information XML element (containing multiple file signatures) that, when processed, would lead to a boinc-client executable crash.
Relevant upstream patch:
This issue did NOT affect the versions of the boinc-client package, as shipped with Fedora releases 17 and 18.
This issue affects the version of the boinc-client package, as shipped with Fedora EPEL-6. Please schedule an update.
Created boinc-client tracking bugs for this issue
Affects: epel-6 [bug 957812]
This was assigned CVE-2013-2019.
boinc-client-7.2.33-3.git1994cc8.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.