Bug 23188 - freedink-dfarc new security issue CVE-2018-0496
Summary: freedink-dfarc new security issue CVE-2018-0496
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2018-06-15 19:06 CEST by David Walser
Modified: 2018-06-17 23:27 CEST (History)
2 users (show)

See Also:
Source RPM: freedink-dfarc-3.12-6.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2018-06-15 19:06:14 CEST
Fedora has issued an advisory today (June 15):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X3XW5S2QDOYDDASTBE6GBXO7SQK45NHF/

The issue is fixed upstream in 3.14.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-06-15 19:06:32 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Rémi Verschelde 2018-06-15 22:53:43 CEST
freedink-dfarc-3.14-1.mga7 pushed to Cauldron.

freedink-dfarc-3.14-1.mga6 pushed to Mageia 6 core/updates_testing.

Advisory:
=========

Updated freedink-dfarc package fixes security vulnerability

  Sylvain Beucler and Dan Walma discovered several directory traversal issues
  in DFArc (as well as in the RTsoft's Dink Smallwood HD / ProtonSDK version),
  allowing an attacker to overwrite arbitrary files on the user's system
  (CVE-2018-0496).

  This release fixes it, and brings translation updates.

References:

 - https://savannah.gnu.org/forum/forum.php?forum_id=9169


RPM in core/updates_testing:
============================

freedink-dfarc-3.14-1.mga6

SRPM in core/updates_testing:
=============================

freedink-dfarc-3.14-1.mga6

Assignee: rverschelde => qa-bugs
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 2 Rémi Verschelde 2018-06-15 23:00:42 CEST
Advisory uploaded.

Testing procedure:
==================

freedink-dfarc is a launcher for the game FreeDink (package 'freedink'), which lets you install, manage and edit "D-Mods", which are downloadable data packs to play alternative campaigns with the FreeDink engine.

Installing freedink-dfarc should pull in the freedink game and data, and running /usr/bin/freedink-dfarc should let you start the game with the "Dink Smallwood v1.08" data pack installed by default.

You can download D-Mods on http://www.dinknetwork.com/files/category_dmod/ (link available from DFArc) and use File > Open to copy them in DFArc's games path. The installed D-Mod can then be played, edited or repacked into a new D-Mod after edition.

Keywords: (none) => advisory, has_procedure

Comment 3 Rémi Verschelde 2018-06-15 23:39:09 CEST
I did a quick functionality test of freedink-dfarc-3.14-1.mga6 on Mageia 6 x86_64 and it seems working. The map editor doesn't seem very easy to use, but then it's a relatively old game :)

I did not check how to reproduce the CVE and confirm that it was fixed, but since this package is a leaf application and potential regressions would not impact any critical workflow, I think it can be validated as is - but I'll let another QA member decide, as I did both the packaging and the testing so far.

Whiteboard: (none) => MGA6-64-OK

Comment 4 Len Lawrence 2018-06-17 13:09:47 CEST
Thanks for your tests Rémi.
Had a go myself.  Checked the CVE but could not find any screen with "Package" on it, nor in Map-Edit.

Updated and launched the game.
Smallwood went looking for the pigsty, in the wrong direction and had to reverse.  Found them and managed to persuade one pig to come out but could not figure out how to feed it.  It does look as though it is working though.  Seconding the OK and validating.

Whiteboard: MGA6-64-OK => MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => tarazed25, sysadmin-bugs

Comment 5 Mageia Robot 2018-06-17 23:27:16 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0287.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.