Advisories ยป MGASA-2018-0325

Updated wesnoth packages fix security vulnerability

Publication date: 25 Jul 2018
Modification date: 25 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1999023

Description

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code
Injection vulnerability in the Lua scripting engine that can result in code
execution outside the sandbox. This attack appear to be exploitable via
Loading specially-crafted saved games, networked games, replays, and player
content (CVE-2018-1999023).

This is fixed in version 1.14.4, together with several non-security-related
bug fixes and enhancements.
                

References

SRPMS

6/core