Advisories ยป MGASA-2015-0034

Updated freeciv packages fix a security vulnerability

Publication date: 21 Jan 2015
Type: security
Affected Mageia releases : 4


Updated freeciv packages to latest bugfix version, also fixing security vulnerability

Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1,
vulnerable to the following security issue:

A heap-based overflow vulnerability was found in the way Lua handles varargs
functions with many fixed parameters called with few arguments, leading to
application crashes or, potentially, arbitrary code execution (CVE-2014-5461,

As of this update, Freeciv is now built against the patched system version
of lua 5.1.

This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x
stable branch with numerous bug fixes and minor new features.
See the referenced release notes for details.