| Summary: | gnuchess new security issue CVE-2021-30184 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, hdetavernier, nicolas.salguero, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | gnuchess-6.2.7-1.mga8.src.rpm | CVE: | CVE-2021-30184 |
| Status comment: | |||
|
Description
David Walser
2021-05-29 22:30:57 CEST
David Walser
2021-05-29 22:31:16 CEST
Whiteboard:
(none) =>
MGA8TOO, MGA7TOO This SRPM has various committeres, so assigning the bug globally. DavidG already CC'd. Assignee:
bugsquad =>
pkg-bugs Suggested advisory: ======================== The updated package fixes a security vulnerability: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. (CVE-2021-30184) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30184 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/ ======================== Updated package in 7/core/updates_testing: ======================== gnuchess-6.2.6-1.1.mga7 from SRPM: gnuchess-6.2.6-1.1.mga7.src.rpm Updated package in 8/core/updates_testing: ======================== gnuchess-6.2.7-1.1.mga8 from SRPM: gnuchess-6.2.7-1.1.mga8.src.rpm Status:
NEW =>
ASSIGNED Mga 8 x64 KDE No installation issues. Name : gnuchess Version : 6.2.7 Release : 1.1.mga8 Group : Games/Boards Size : 3636222 Architecture: x86_64 Tested with xboard Name : xboard Version : 4.9.1 Release : 6.mga8 Group : Games/Boards Size : 4427031 Architecture: x86_64 No problems detected. CC:
(none) =>
hdetavernier Mga7-64 Plasma in VirtualBox. No installation issues. tested with xboard, seemed good. Giving this two OKs, and validating. Advisory in Comment 2. Whiteboard:
MGA7TOO =>
MGA7TOO MGA7-64-OK MGA8-64-OK
Aurelien Oudelet
2021-06-13 21:51:26 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0250.html Resolution:
(none) =>
FIXED |