A security issue in wesnoth has been fixed and assigned a CVE: http://openwall.com/lists/oss-security/2018/07/22/1 The issue was fixed upstream in 1.14.4. I don't know if any other games are affected (it sounds like it could be a more general problem with lua scripting engines) like corsixth (whose author apparently reported the issue). Mageia 5 and Mageia 6 are also affected.
CC: (none) => stormi-mageiaWhiteboard: (none) => MGA6TOO
wesnoth-1.14.4-1.mga7 pushed to Cauldron, wesnoth-1.14.4-1.mga7 to 6 core/updates_testing. > I don't know if any other games are affected (it sounds like it could be > a more general problem with lua scripting engines) like corsixth (whose author > apparently reported the issue). I'll do some research about this. Advisory: ========= Updated wesnoth packages fix security vulnerability The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content (CVE-2018-1999023). This is fixed in version 1.14.4, together with several non-security-related bug fixes and enhancements. References: - https://github.com/wesnoth/wesnoth/blob/1.14.4/changelog.md - http://openwall.com/lists/oss-security/2018/07/22/1 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999023 RPMs in core/updates_testing: ============================= wesnoth-1.14.4-1.mga6 wesnoth-data-1.14.4-1.mga6.noarch wesnoth-server-1.14.4-1.mga6 SRPM in core/updates_testing: ============================= wesnoth-1.14.4-1.mga6
Version: Cauldron => 6Source RPM: wesnoth-1.14.3-1.mga7.src.rpm => wesnoth-1.14.3-1.mga6Whiteboard: MGA6TOO => (none)
Assignee: rverschelde => qa-bugs
Tested OK on Mageia 6 x86_64, the game runs fine and could still load my saved games from an earlier version.
Whiteboard: (none) => MGA6-64-OK
Advisory uploaded, validating.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0325.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED