|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0154 (wesnoth)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0154: Updated wesnoth packages fix CVE-2015-0844 


Date:
    	      Wed, 15 Apr 2015 11:02:02 +0200


Message-ID:
    	      <20150415090202.AF31B4894B@valstar.mageia.org>


MGASA-2015-0154 - Updated wesnoth packages fix CVE-2015-0844

Publication date: 15 Apr 2015
URL: http://advisories.mageia.org/MGASA-2015-0154.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-0844

Description:
Updated wesnoth packages fix security vulnerability

A severe security vulnerability in Battle of Wesnoth's game client was found
which could allow a malicious user to obtain personal files and information
from other players in networked multiplayer games using the built-in WML/Lua
API on any platform (CVE-2015-0844).

Upstream announces that all content currently on the official Wesnoth.org
add-ons server (add-ons.wesnoth.org) has been inspected to confirm that none
of it exploits this vulnerability.

References:
- https://bugs.mageia.org/show_bug.cgi?id=15685
- http://forums.wesnoth.org/viewtopic.php?t=41872
- https://github.com/wesnoth/wesnoth/commit/af61f9fdd15cd43...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0844

SRPMS:
- 4/core/wesnoth-1.10.7-2.1.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds