A stack overflow flaw was found in the way boinc-client, a Berkeley Open Infrastructure for Network Computing (BOINC) client for distributed computing, performed processing of file signatures in certain cases. A rogue BOINC server could provide a specially-crafted file information XML element (containing multiple file signatures) that, when processed, would lead to the boinc-client executable crash.
References:
[1] http://www.openwall.com/lists/oss-security/2013/04/28/3
Relevant upstream patch:
[2] http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
This issue did NOT affect the versions of the boinc-client package, as shipped with Fedora release of 17 and 18.
--
This issue affects the version of the boinc-client package, as shipped with Fedora EPEL-6. Please schedule an update.
Created boinc-client tracking bugs for this issue.
Affects: epel-6 [bug 957812]
As per: http://www.openwall.com/lists/oss-security/2013/04/29/11 this was assigned CVE-2013-2019
boinc-client-7.2.33-3.git1994cc8.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.