Advisories ยป MGASA-2023-0005

Updated minetest packages fix security vulnerability

Publication date: 13 Jan 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-35978


This update provides minetest 5.6.1, the latest stable release of the open
source voxel game. This updates provides a number of feature and bug fix
changes compared to the previous version 5.4.0 provided in Mageia 8. See
the linked release notes and changelogs for details.

The update also improves compatibility with hosted game servers, which
typically run and expect the latest stable release.

The update also fixes a security vulnerability affecting single player
with malicious mods (GHSA-663q-pcjw-27cc)

In single player, a mod could set a global setting that controls the Lua
script loaded to display the main menu. The script would be loaded as soon
as the game session is exited. The Lua environment the menu runs in was
not sandboxed and could directly  interfere with the user's system.