Advisories » MGASA-2021-0250

Updated gnuchess package fix a security vulnerability

Publication date: 13 Jun 2021
Modification date: 13 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-30184

Description

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN 
(Portable Game Notation) data. This is related to a buffer overflow in the 
use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay 
functions in frontend/cmd.cc. (CVE-2021-30184).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29026
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30184

SRPMS

7/core

• gnuchess-6.2.6-1.1.mga7

8/core

• gnuchess-6.2.7-1.1.mga8