Updated flightgear packages fix security vulnerability
Publication date: 09 Oct 2017Modification date: 09 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-13709
Description
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger
subsystem allows one to overwrite any file via a resource that affects
the contents of the global Property Tree.
Mageia provides 2017.3.1 version as a security and bugfix update,
allowing to connect to latest multiplayer servers.
References
- https://bugs.mageia.org/show_bug.cgi?id=21623
- http://openwall.com/lists/oss-security/2017/08/27/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WUJXZ4XJWAFRNHBRBSX3GHY4VKXCJUQ7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y2V6NPR2KZKFONPHWPGYGEU4FLVNXCZZ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13709
SRPMS
5/core
- flightgear-2017.3.1-1.mga5
- flightgear-data-2017.3.1-1.mga5
- simgear-2017.3.1-1.mga5
6/core
- flightgear-2017.3.1-1.mga6
- flightgear-data-2017.3.1-1.mga6
- simgear-2017.3.1-1.mga6