| Summary: | gnuchess new security issue CVE-2019-15767 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, geiger.david68210, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | gnuchess-6.2.5-3.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-04-28 03:46:39 CEST
David Walser
2020-04-28 03:46:52 CEST
Status comment:
(none) =>
Fixed upstream in 6.2.6 Done for mga7! Advisory: ======================== Updated gnuchess package fixes security vulnerability: A vulnerability was found in GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file (CVE-2019-15767). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15767 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TB4FURVE4C35UDXGAAHJL5NIHJQ3WDZT/ ======================== Updated packages in core/updates_testing: ======================== gnuchess-6.2.6-1.mga7 from gnuchess-6.2.6-1.mga7.src.rpm CC:
(none) =>
geiger.david68210 Installed was able to start it at the command line. installed xboard - that worked as well. good enough to me. CC:
(none) =>
brtians1
Brian Rockwell
2020-04-29 14:43:19 CEST
Whiteboard:
(none) =>
MGA7-64-OK Validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update
Thomas Backlund
2020-05-05 11:36:35 CEST
CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0194.html Resolution:
(none) =>
FIXED |