| Summary: | Update candidate: freeciv 2.4.4: bug fixes and fix for CVE-2014-5461 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Rémi Verschelde <rverschelde> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | lists.jjorge, sysadmin-bugs, wilcal.int |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/610398/ | | |
| Whiteboard: | has_procedure advisory MGA4-32-OK MGA4-64-OK | | |
| Source RPM: | freeciv-2.4.1-1.mga4 | CVE: | |
| Status comment: | | | |

Description
Rémi Verschelde
2015-01-13 22:20:23 CET

Suggested advisory:
===================

Updated freeciv packages to latest bugfix version, also fixing security vulnerability

Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue:

A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461, mga#14038).

As of this update, Freeciv is now built against the patched system version of lua 5.1.

This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x stable branch with numerous bug fixes and minor new features. See the referenced release notes for details.

References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461
- https://bugs.mageia.org/show_bug.cgi?id=14038
- http://freeciv.wikia.com/wiki/NEWS-2.4.2
- http://freeciv.wikia.com/wiki/NEWS-2.4.3
- http://freeciv.wikia.com/wiki/NEWS-2.4.4

RPMS in core/updates_testing:
=============================
freeciv-client-2.4.4-1.mga4
freeciv-data-2.4.4-1.mga4.noarch
freeciv-server-2.4.4-1.mga4

from SRPM:
freeciv-2.4.4-1.mga4

CC:
(none) =>
lists.jjorge

Lua was already updated and pushed so it's sufficient to test this game is still working with the update installed.

Whiteboard:
(none) =>
has_procedure

In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
freeciv-server freeciv-client

default install of freeciv-server & freeciv-client

    [root@localhost wilcal]# urpmi freeciv-client
    Package freeciv-client-2.4.1-1.mga4.i586 is already installed
    [root@localhost wilcal]# urpmi freeciv-server
    Package freeciv-server-2.4.1-1.mga4.i586 is already installed

install creates Menu -> Games -> Freeciv & Freeciv server launch icons

Launching Freeciv I can play the game.
Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game.

install freeciv-server & freeciv-client from updates_testing

    [root@localhost wilcal]# urpmi freeciv-client
    Package freeciv-client-2.4.4-1.mga4.i586 is already installed
    [root@localhost wilcal]# urpmi freeciv-server
    Package freeciv-server-2.4.4-1.mga4.i586 is already installed

Launching Freeciv I can play the game.
Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

Whiteboard:
has_procedure =>
has_procedure MGA4-32-OK

In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
freeciv-server freeciv-client

default install of freeciv-server & freeciv-client

    [root@localhost wilcal]# urpmi freeciv-client
    Package freeciv-client-2.4.1-1.mga4.x86_64 is already installed
    [root@localhost wilcal]# urpmi freeciv-server
    Package freeciv-server-2.4.1-1.mga4.x86_64 is already installed

install creates Menu -> Games -> Freeciv & Freeciv server launch icons

Launching Freeciv I can play the game.
Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game.

install freeciv-server & freeciv-client from updates_testing

    [root@localhost wilcal]# urpmi freeciv-client
    Package freeciv-client-2.4.4-1.mga4.x86_64 is already installed
    [root@localhost wilcal]# urpmi freeciv-server
    Package freeciv-server-2.4.4-1.mga4.x86_64 is already installed

Launching Freeciv I can play the game.
Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

This update works fine.

Testing complete for mga4 32-bit & 64-bit

Validating the update.

Could someone from the sysadmin team push this to updates.

Thanks

CC:
(none) =>
sysadmin-bugs

Advisory uploaded.

Whiteboard:
has_procedure MGA4-32-OK MGA4-64-OK =>
has_procedure advisory MGA4-32-OK MGA4-64-OK

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0034.html

Status:
NEW =>
RESOLVED
David Walser
2015-01-22 18:23:00 CET
URL:
(none) =>
http://lwn.net/Vulnerabilities/610398/