23338 – wesnoth new security issue CVE-2018-1999023

Bug 23338 - wesnoth new security issue CVE-2018-1999023

Summary: wesnoth new security issue CVE-2018-1999023

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA6-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2018-07-22 18:09 CEST by David Walser
Modified:	2018-07-25 10:25 CEST (History)
CC List:	2 users (show)

See Also:
Source RPM:	wesnoth-1.14.3-1.mga6
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-07-22 18:09:18 CEST

A security issue in wesnoth has been fixed and assigned a CVE:
http://openwall.com/lists/oss-security/2018/07/22/1

The issue was fixed upstream in 1.14.4.

I don't know if any other games are affected (it sounds like it could be a more general problem with lua scripting engines) like corsixth (whose author apparently reported the issue).

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-07-22 18:09:32 CEST

CC: (none) => stormi-mageia
Whiteboard: (none) => MGA6TOO

Comment 1 Rémi Verschelde 2018-07-23 18:40:46 CEST

wesnoth-1.14.4-1.mga7 pushed to Cauldron, wesnoth-1.14.4-1.mga7 to 6 core/updates_testing.

> I don't know if any other games are affected (it sounds like it could be 
> a more general problem with lua scripting engines) like corsixth (whose author
> apparently reported the issue).

I'll do some research about this.

Advisory:
=========

Updated wesnoth packages fix security vulnerability

  The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code
  Injection vulnerability in the Lua scripting engine that can result in code
  execution outside the sandbox. This attack appear to be exploitable via
  Loading specially-crafted saved games, networked games, replays, and player
  content (CVE-2018-1999023).

  This is fixed in version 1.14.4, together with several non-security-related
  bug fixes and enhancements.

References:
 - https://github.com/wesnoth/wesnoth/blob/1.14.4/changelog.md
 - http://openwall.com/lists/oss-security/2018/07/22/1
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999023


RPMs in core/updates_testing:
=============================

wesnoth-1.14.4-1.mga6
wesnoth-data-1.14.4-1.mga6.noarch
wesnoth-server-1.14.4-1.mga6

SRPM in core/updates_testing:
=============================

wesnoth-1.14.4-1.mga6

Version: Cauldron => 6
Source RPM: wesnoth-1.14.3-1.mga7.src.rpm => wesnoth-1.14.3-1.mga6
Whiteboard: MGA6TOO => (none)

Rémi Verschelde 2018-07-23 18:42:03 CEST

Assignee: rverschelde => qa-bugs

Comment 2 Rémi Verschelde 2018-07-24 09:33:21 CEST

Tested OK on Mageia 6 x86_64, the game runs fine and could still load my saved games from an earlier version.

Whiteboard: (none) => MGA6-64-OK

Comment 3 Rémi Verschelde 2018-07-24 09:34:27 CEST

Advisory uploaded, validating.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2018-07-25 10:25:37 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0325.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.