Advisories » MGASA-2015-0034

Updated freeciv packages fix a security vulnerability

Publication date: 21 Jan 2015
Modification date: 21 Jan 2015
Type: security
Affected Mageia releases : 4

Description

Updated freeciv packages to latest bugfix version, also fixing security vulnerability

Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1,
vulnerable to the following security issue:

A heap-based overflow vulnerability was found in the way Lua handles varargs
functions with many fixed parameters called with few arguments, leading to
application crashes or, potentially, arbitrary code execution (CVE-2014-5461,
mga#14038).

As of this update, Freeciv is now built against the patched system version
of lua 5.1.

This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x
stable branch with numerous bug fixes and minor new features.
See the referenced release notes for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15038
• https://bugs.mageia.org/show_bug.cgi?id=14038
• http://freeciv.wikia.com/wiki/NEWS-2.4.2
• http://freeciv.wikia.com/wiki/NEWS-2.4.3
• http://freeciv.wikia.com/wiki/NEWS-2.4.4

SRPMS

4/core

• freeciv-2.4.4-1.mga4