Fedora has issued an advisory on May 21:
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html

Mageia 2 and 3 are affected. Patches can be found in Fedora GIT.
Whiteboard: (none) => MGA3TOO, MGA2TOO
I have uploaded a patched/updated package for Mageia 2 and 3. As the patch is simply copied from Fedora, and I have found no exploit for it, I suggest only ensuring Flightgear still works by launching it with fgfs. Be careful, as it needs at least 2GB RAM and a good 3D video card.

Suggested advisory:
========================

Updated flightgear packages fix security vulnerabilities:

It was reported [1] that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet commandline arguments). If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, it could cause FlightGear to crash.

References:
http://lwn.net/Vulnerabilities/552175/
http://pkgs.fedoraproject.org/cgit/FlightGear.git/commit/?id=0c3bbb0f10bb7f313d3ae627b6fbcccfbbc224c3
========================

Updated packages in core/updates_testing:
========================
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Source RPMs:
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2
Status: NEW => ASSIGNED
Assignee: lists.jjorge => qa-bugs
Thanks José! The FlightGear blog post has an exploit. Just tweaking the advisory a bit (removing [1], adding line endings, and fixing references).

Suggested advisory:
========================

Updated flightgear package fixes security vulnerability:

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet commandline arguments). If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, it could cause FlightGear to crash.

References:
http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
========================

Updated packages in core/updates_testing:
========================
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Source RPMs:
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Version: Cauldron => 3
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
CC: (none) => lists.jjorge
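The bug class the advisory describes, shown as an added example that is not FlightGear's code or the Fedora patch: a string that a remote client can set must never reach printf-style functions as the format argument. The function names and the "layer-%d" template are hypothetical, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Pattern 1: the remotely settable value is data, never the format.
 * The vulnerable form would be snprintf(out, n, value). */
int render_as_data(char *out, size_t n, const char *value)
{
    int w = snprintf(out, n, "%s", value);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;   /* -1: error or truncated */
}

/* Pattern 2: the value really is a template (hypothetical "layer-%d").
 * Accept it only if it holds exactly one plain %d and nothing else
 * that printf would interpret; "%%" is a literal percent sign. */
int template_is_safe(const char *tmpl)
{
    int conversions = 0;
    for (const char *p = tmpl; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;            /* escaped percent */
        if (*p != 'd')
            return 0;            /* flags, widths, %s, %n, trailing '%' */
        conversions++;
    }
    return conversions == 1;
}

/* Expand a validated template with one integer; reject everything else. */
int render_template(char *out, size_t n, const char *tmpl, int index)
{
    if (!template_is_safe(tmpl))
        return -1;
    int w = snprintf(out, n, tmpl, index);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;
}

int main(void)
{
    char buf[64];
    /* Constructed sample values standing in for a remotely set property. */
    const char *samples[] = { "layer-%d", "layer-%s%s", "layer-%d%n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = render_template(buf, sizeof buf, samples[i], 3);
        printf("%-12s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```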
Sorry, the following package cannot be selected:

- flightgear-2.10.0-1.1.mga3.x86_64 (due to unsatisfied flightgear-base[== 2.10.0-1.1.mga3])

$ rpm -qa | grep flightgear
flightgear-2.10.0-1.mga3
flightgear-data-2.10.0-1.mga3
Indeed, line 27 in this change is incorrect: http://svnweb.mageia.org/packages/cauldron/flightgear/current/SPECS/flightgear.spec?r1=389214&r2=399096 You can't require %{version}-%{release} if it's coming from a different SRPM (flightgear-base is provided by flightgear-data). You should just require %{version} at most. Is there a specific reason it's using flightgear-base instead of flightgear-data for the require? That just seems pointless and confusing.
Looking at the svnweb link, it seems it also changes the rpm group to Games/Other from Games/Simulation
(In reply to claire robinson from comment #5)
> Looking at the svnweb link, it seems it also changes the rpm group to
> Games/Other from Games/Simulation

Oh yes, this category did not exist in our rpm groups policy at the time. I bring it back. So this is now 3 subrel, 1 and 2 are to be removed.

flightgear-2.10.0-1.3.mga3

Thanks José. Updating the subrel in the packages.

Suggested advisory:
========================

Updated flightgear package fixes security vulnerability:

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet commandline arguments). If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, it could cause FlightGear to crash.

References:
http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
========================

Updated packages in core/updates_testing:
========================
MGA3
flightgear-2.10.0-1.3.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Source RPMs:
MGA3
flightgear-2.10.0-1.3.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Testing completed mga3 32

Just followed the in-game tutorial a bit.
Whiteboard: MGA2TOO => MGA2TOO mga3-32-ok
Testing complete Mageia 3 x86_64, Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm
flightgear-2.10.0-1.3.mga3
from Mageia 3 Core Updates Testing to Core Updates and the srpm
flightgear-2.6.0-2.3.mga2
from Mageia 2 Core Updates Testing to Core Updates.

Advisory:

Updated flightgear package fixes security vulnerability:

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet commandline arguments). If a remote attacker were able to connect to FlightGear and set special parameters related with clouds, it could cause FlightGear to crash.

References:
http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
https://bugs.mageia.org/show_bug.cgi?id=10351

Keywords: (none) => validated_update
Whiteboard: MGA2TOO mga3-32-ok => MGA2TOO mga3-32-ok MGA3-64-OK MGA2-64-OK MGA2-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Packages have been pushed to updates.
Status: ASSIGNED => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)