Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in ScummVM
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in ScummVM
ID: FEDORA-2018-9a85d5af21
Distribution: Fedora
Plattformen: Fedora 28
Datum: Sa, 5. Mai 2018, 23:40
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17528
Applikationen: ScummVM

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-9a85d5af21
2018-05-05 20:25:39.988805
-------------------------------------------------------------------------------
-

Name : scummvm
Product : Fedora 28
Version : 2.0.0
Release : 1.fc28
URL : http://www.scummvm.org/
Summary : Interpreter for several adventure games
Description :
ScummVM is a program which allows you to run certain classic graphical
point-and-click adventure games, provided you already have their
data files.

ScummVM supports many adventure games, including LucasArts SCUMM games
(such as Monkey Island 1-3, Day of the Tentacle, Sam & Max, ...),
many of Sierra's AGI and SCI games (such as King's Quest 1-6,
Space Quest 1-5, ...), Discworld 1 and 2, Simon the Sorcerer 1 and 2,
Beneath A Steel Sky, Lure of the Temptress, Broken Sword 1 and 2,
Flight of the Amazon Queen, Gobliiins 1-3, The Legend of Kyrandia 1-3,
many of Humongous Entertainment's children's SCUMM games (including
Freddi Fish and Putt Putt games) and many more.

The complete list can be found on ScummVM's compatibility page:
http://scummvm.org/compatibility/2.0.0/

-------------------------------------------------------------------------------
-
Update Information:

Update to 2.0.0 release. * Fixes CVE-2017-17528.
-------------------------------------------------------------------------------
-
ChangeLog:

* Sun Apr 8 2018 Christian Krause <chkr@fedoraproject.org> - 2.0.0-1
- update to latest upstream (BZ 1536755)
- add upstream patch for CVE-2017-17528 (and one follow-up patch, BZ 1528426,
BZ 1528425)
- turn off virtual keyboard (the keyboard pack files are not installed
and scummvm doesn't have a global search path for them on platform
sdl/posix)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1528425 - CVE-2017-17528 scummvm: Command injection in
backends/platform/sdl/posix/posix.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1528425
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9a85d5af21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung