Freeciv 2.4.4 has been released with bug fixes and a security fix for CVE-2014-5461 in its embedded lua5.1 copy. Freeciv can actually be built against the system lua5.1 version (which has already been patched for the security flaw), but this was not done for Freeciv 2.4.1 in Mageia 4. So since an update must be made, I also include the numerous bug fixes and minor new features of the 2.4.x stable branch.
Suggested advisory: =================== Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461, mga#14038). As of this update, Freeciv is now built against the patched system version of lua 5.1. This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x stable branch with numerous bug fixes and minor new features. See the referenced release notes for details. References: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461 - https://bugs.mageia.org/show_bug.cgi?id=14038 - http://freeciv.wikia.com/wiki/NEWS-2.4.2 - http://freeciv.wikia.com/wiki/NEWS-2.4.3 - http://freeciv.wikia.com/wiki/NEWS-2.4.4 RPMS in core/updates_testing: ============================= freeciv-client-2.4.4-1.mga4 freeciv-data-2.4.4-1.mga4.noarch freeciv-server-2.4.4-1.mga4 from SRPM: freeciv-2.4.4-1.mga4
CC: (none) => lists.jjorgeSource RPM: (none) => freeciv-2.4.1-1.mga4Assignee: bugsquad => qa-bugsComponent: RPM Packages => Security
Lua was already updated and pushed so it's sufficient to test this game is still working with the update installed.
Whiteboard: (none) => has_procedure
In VirtualBox, M4, KDE, 32-bit Package(s) under test: freeciv-server freeciv-client default install of freeciv-server & freeciv-client [root@localhost wilcal]# urpmi freeciv-client Package freeciv-client-2.4.1-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi freeciv-server Package freeciv-server-2.4.1-1.mga4.i586 is already installed install creates Menu -> Games -> Freeciv & Freeciv server launch icons Launching Freeciv I can play the game. Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game. install freeciv-server & freeciv-client from updates_testing [root@localhost wilcal]# urpmi freeciv-client Package freeciv-client-2.4.4-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi freeciv-server Package freeciv-server-2.4.4-1.mga4.i586 is already installed Launching Freeciv I can play the game. Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: has_procedure => has_procedure MGA4-32-OKCC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit Package(s) under test: freeciv-server freeciv-client default install of freeciv-server & freeciv-client [root@localhost wilcal]# urpmi freeciv-client Package freeciv-client-2.4.1-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi freeciv-server Package freeciv-server-2.4.1-1.mga4.x86_64 is already installed install creates Menu -> Games -> Freeciv & Freeciv server launch icons Launching Freeciv I can play the game. Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game. install freeciv-server & freeciv-client from updates_testing [root@localhost wilcal]# urpmi freeciv-client Package freeciv-client-2.4.4-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi freeciv-server Package freeciv-server-2.4.4-1.mga4.x86_64 is already installed Launching Freeciv I can play the game. Launching Freeciv server then launching Freeciv I can connect to the freeciv server at localhost:5556 and start a game. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
CC: (none) => sysadmin-bugsWhiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OKKeywords: (none) => validated_update
Advisory uploaded.
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0034.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/610398/