-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:205 http://www.mandriva.com/security/ _______________________________________________________________________ Package : freeciv Date : October 15, 2010 Affected: 2010.0, 2010.1 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions (CVE-2010-2445). The updated packages have been upgraded to v2.2.1 which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2445 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: f2e462016bfa51641c707193f15050b4 2010.0/i586/freeciv-client-2.2.1-0.1mdv2010.0.i586.rpm 7e28a7979376addeac1ece3abcd00865 2010.0/i586/freeciv-data-2.2.1-0.1mdv2010.0.i586.rpm ed7806f924cc1ecaf780ab6a73484b86 2010.0/i586/freeciv-server-2.2.1-0.1mdv2010.0.i586.rpm 9447db00f5008ab4373bd4c03af7bc4b 2010.0/SRPMS/freeciv-2.2.1-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 8f268efc340ce284141c20a1fb345df8 2010.0/x86_64/freeciv-client-2.2.1-0.1mdv2010.0.x86_64.rpm eaeb56096e20284e194ee28f212deb05 2010.0/x86_64/freeciv-data-2.2.1-0.1mdv2010.0.x86_64.rpm aa1376b65f2c4e2577dfcebbb6818894 2010.0/x86_64/freeciv-server-2.2.1-0.1mdv2010.0.x86_64.rpm 9447db00f5008ab4373bd4c03af7bc4b 2010.0/SRPMS/freeciv-2.2.1-0.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 2d1e4377d45abcc5665c26f02d4307aa 2010.1/i586/freeciv-client-2.2.1-0.1mdv2010.1.i586.rpm 3ca4f6fc9f371c8d5582a1b8ad4b6287 2010.1/i586/freeciv-data-2.2.1-0.1mdv2010.1.i586.rpm 374b4e4171e1616443c9c02bf6fbfe6d 2010.1/i586/freeciv-server-2.2.1-0.1mdv2010.1.i586.rpm 00d1331c2e1cf23b38fb97fb461d2329 2010.1/SRPMS/freeciv-2.2.1-0.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 745e0b2e0766e83df352579cc233aae4 2010.1/x86_64/freeciv-client-2.2.1-0.1mdv2010.1.x86_64.rpm c6d9f073d456bb7970a27352eb613d6b 2010.1/x86_64/freeciv-data-2.2.1-0.1mdv2010.1.x86_64.rpm d4557ce2c4772e5da2457f6f38a8b37a 2010.1/x86_64/freeciv-server-2.2.1-0.1mdv2010.1.x86_64.rpm 00d1331c2e1cf23b38fb97fb461d2329 2010.1/SRPMS/freeciv-2.2.1-0.1mdv2010.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMuCVXmqjQ0CJFipgRAjmyAJ9O8CcnkJ9IBNEL6rlSc2C/+H6tkwCfWsOj 4EvFV7Efhy5TCTSqyYhN9lg= =NK6h -----END PGP SIGNATURE-----