Updated freeciv packages fix a security vulnerabilityPublication date: 21 Jan 2015
Affected Mageia releases : 4
Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461, mga#14038). As of this update, Freeciv is now built against the patched system version of lua 5.1. This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x stable branch with numerous bug fixes and minor new features. See the referenced release notes for details.