Updated gnuchess package fix a security vulnerability
Publication date: 13 Jun 2021Modification date: 13 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-30184
Description
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. (CVE-2021-30184).
References
SRPMS
7/core
- gnuchess-6.2.6-1.1.mga7
8/core
- gnuchess-6.2.7-1.1.mga8