Advisories » MGASA-2018-0325

Updated wesnoth packages fix security vulnerability

Publication date: 25 Jul 2018
Modification date: 25 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1999023

Description

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code
Injection vulnerability in the Lua scripting engine that can result in code
execution outside the sandbox. This attack appear to be exploitable via
Loading specially-crafted saved games, networked games, replays, and player
content (CVE-2018-1999023).

This is fixed in version 1.14.4, together with several non-security-related
bug fixes and enhancements.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23338
• https://github.com/wesnoth/wesnoth/blob/1.14.4/changelog.md
• http://openwall.com/lists/oss-security/2018/07/22/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999023

SRPMS

6/core

• wesnoth-1.14.4-1.mga6