Mageia alert MGASA-2015-0034 (freeciv)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2015-0034: Updated freeciv packages fix a security vulnerability 
Date:
    	     
 
Wed, 21 Jan 2015 18:15:45 +0100
Message-ID:
    	     
 
<20150121171545.9DF5941F2C@valstar.mageia.org>
MGASA-2015-0034 - Updated freeciv packages fix a security vulnerability

Publication date: 21 Jan 2015
URL: http://advisories.mageia.org/MGASA-2015-0034.html
Type: security
Affected Mageia releases: 4

Description:
Updated freeciv packages to latest bugfix version, also fixing security vulnerability

Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1,
vulnerable to the following security issue:

A heap-based overflow vulnerability was found in the way Lua handles varargs
functions with many fixed parameters called with few arguments, leading to
application crashes or, potentially, arbitrary code execution (CVE-2014-5461,
mga#14038).

As of this update, Freeciv is now built against the patched system version
of lua 5.1.

This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x
stable branch with numerous bug fixes and minor new features.
See the referenced release notes for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=15038
- https://bugs.mageia.org/show_bug.cgi?id=14038
- http://freeciv.wikia.com/wiki/NEWS-2.4.2
- http://freeciv.wikia.com/wiki/NEWS-2.4.3
- http://freeciv.wikia.com/wiki/NEWS-2.4.4

SRPMS:
- 4/core/freeciv-2.4.4-1.mga4