| Summary: | gnuchess new security issue CVE-2015-8972 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, marja11, panasum, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/706844/ | ||
| Whiteboard: | MGA5-64-OK advisory | ||
| Source RPM: | gnuchess-6.1.1-3.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-11-14 21:56:27 CET
David Walser
2016-11-14 21:56:37 CET
CC:
(none) =>
rverschelde Assigning to all packagers collectively, since there is no registered maintainer for this package. CC:
(none) =>
marja11 Patched package uploaded for Mageia 5. Advisory: ======================== Updated gnuchess package fixes security vulnerability: gnuchess before 6.2.4 is vulnerable to a stack buffer overflow related to user move input, where 160 characters of input can crash gnuchess (CVE-2015-8972). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8972 http://openwall.com/lists/oss-security/2016/11/14/12 ======================== Updated packages in core/updates_testing: ======================== gnuchess-6.1.1-3.1.mga5 from gnuchess-6.1.1-3.1.mga5.src.rpm CC:
rverschelde =>
(none) Tested on a 64 bits Mageia 5 installation, real hardware. Using xboard front-end played a game gnuchess vs. gnuchess, before and after the update. The game finished with both versions. CC:
(none) =>
panasum
Dave Hodgins
2016-11-17 20:33:14 CET
Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0390.html Status:
NEW =>
RESOLVED
David Walser
2016-11-18 17:30:00 CET
URL:
(none) =>
http://lwn.net/Vulnerabilities/706844/ |