LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

FlightGear: multiple vulnerabilities

Package(s):FlightGear CVE #(s):CVE-2012-2090 CVE-2012-2091
Created:June 11, 2012 Updated:August 3, 2012
Description: From the Red Hat bugzilla: [1], [2]:

[1] Multiple format string flaws were reported in the way Flight Gear, the flight simulator, and SimGear, a simulation library components performed retrieval of various data chunk values from XML aircraft (FlightGear) or scene graph (SimGear) model data files. A remote attacker could provide a specially-crafted XML model file, which once opened by a local, unsuspecting user in FlightGear / in an application linked against SimGear, would lead to that particular executable crash.

[2] A potential out-of stack-based buffer bounds write flaw was reported in the way Flight Gear, the flight simulator, retrieved rotor name for certain rotor models. A remote attacker could provide a specially-crafted rotor model XML data file, which once opened by a local, unsuspecting user in FlightGear would lead to 'fgfs' executable crash.

Alerts:
Fedora FEDORA-2012-8650 2012-06-08
Fedora FEDORA-2012-8647 2012-06-08
Fedora FEDORA-2012-8615 2012-06-09
Fedora FEDORA-2012-8650 2012-06-08
Fedora FEDORA-2012-8647 2012-06-08
Fedora FEDORA-2012-8615 2012-06-09
Mageia MGASA-2012-0191 2012-08-02
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds