Advisories » MGASA-2013-0164

Updated flightgear package fixes security vulnerability

Publication date: 06 Jun 2013
Modification date: 06 Jun 2013
Type: security
Affected Mageia releases : 2 , 3

Description

It was reported that FlightGear suffers from improper handling of format
strings when FlightGear is started with allowances for remote access (via
the --props or --telnet commandline arguments).  If a remote attacker were
able to connect to FlightGear and set special parameters related with clouds,
it could cause FlightGear to crash.
                

References

• http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
• https://bugs.mageia.org/show_bug.cgi?id=10351

SRPMS

3/core

• flightgear-2.10.0-1.3.mga3

2/core

• flightgear-2.6.0-2.3.mga2