Gentoo FoundationMGASA-2015-0034Updated freeciv packages fix a security vulnerability
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
69.6%
Updated freeciv packages to latest bugfix version, also fixing security vulnerability Freeciv 2.4.1 in Mageia 4 was built against an embedded version of lua 5.1, vulnerable to the following security issue: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461, mga#14038). As of this update, Freeciv is now built against the patched system version of lua 5.1. This update also provides Freeciv 2.4.4, a maintenance release in the 2.4.x stable branch with numerous bug fixes and minor new features. See the referenced release notes for details.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 4 | noarch | freeciv | <Â 2.4.4-1 | freeciv-2.4.4-1.mga4 |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
69.6%