Sicherheit: Ausführen beliebiger Kommandos in ScummVM
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in ScummVM
ID: FEDORA-2018-d275e6ff0c
Distribution: Fedora
Plattformen: Fedora 27
Datum: So, 6. Mai 2018, 11:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17528
Applikationen: ScummVM


Fedora Update Notification
2018-05-05 22:24:26.609481

Name : scummvm
Product : Fedora 27
Version : 2.0.0
Release : 1.fc27
URL : http://www.scummvm.org/
Summary : Interpreter for several adventure games
Description :
ScummVM is a program which allows you to run certain classic graphical
point-and-click adventure games, provided you already have their
data files.

ScummVM supports many adventure games, including LucasArts SCUMM games
(such as Monkey Island 1-3, Day of the Tentacle, Sam & Max, ...),
many of Sierra's AGI and SCI games (such as King's Quest 1-6,
Space Quest 1-5, ...), Discworld 1 and 2, Simon the Sorcerer 1 and 2,
Beneath A Steel Sky, Lure of the Temptress, Broken Sword 1 and 2,
Flight of the Amazon Queen, Gobliiins 1-3, The Legend of Kyrandia 1-3,
many of Humongous Entertainment's children's SCUMM games (including
Freddi Fish and Putt Putt games) and many more.

The complete list can be found on ScummVM's compatibility page:

Update Information:

Update to 2.0.0 release. * Fixes CVE-2017-17528.

* Sun Apr 8 2018 Christian Krause <chkr@fedoraproject.org> - 2.0.0-1
- update to latest upstream (BZ 1536755)
- add upstream patch for CVE-2017-17528 (and one follow-up patch, BZ 1528426,
BZ 1528425)
- turn off virtual keyboard (the keyboard pack files are not installed
and scummvm doesn't have a global search path for them on platform

[ 1 ] Bug #1528425 - CVE-2017-17528 scummvm: Command injection in

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-d275e6ff0c' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Twitter
Neue Nachrichten