Mageia Advisory: MGASA-2018-0278 - Updated scummvm packages fix security vulnerability

Updated scummvm packages fix security vulnerability

Publication date: 14 Jun 2018
Modification date: 14 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17528

Description

Updated scummvm package fixes security vulnerability

ScummVM 1.8.1's POSIX backend does not validate strings before launching the
program specified by the BROWSER environment variable, which might allow remote
attackers to conduct argument-injection attacks via a crafted URL
(CVE-2017-17528).

This update fixes it, and updates ScummVM to the latest 2.0.0 upstream release,
adding support for 23 new games, and several bug fixes.

References

https://bugs.mageia.org/show_bug.cgi?id=23126
https://bugzilla.novell.com/show_bug.cgi?id=1073248
https://www.scummvm.org/news/20171217/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17528

SRPMS

6/core

scummvm-2.0.0-1.mga6

Advisories » MGASA-2018-0278

Updated scummvm packages fix security vulnerability

Description

References

SRPMS

6/core