MGASA-2012-0191
Date: August 2nd, 2012
Affected releases: 1, 2
Description:
Updated flightgear and simgear packages fix security vulnerabilities:
Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear
2.6 and earlier allow user-assisted remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
(1) a long string in a rotor tag of an aircraft XML model to the
Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or
(2) a crafted UDP packet to the SGSocketUDP::read function in
simgear/simgear/simgear/io/sg_socket_udp.cxx (CVE-2012-2091).
Multiple format string vulnerabilities in FlightGear 2.6 and earlier
and SimGear 2.6 and earlier allow user-assisted remote attackers to
cause a denial of service and possibly execute arbitrary code via
format string specifiers in certain data chunk values in an aircraft
XML model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or
(2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph
model to simgear/simgear/scene/model/SGText.cxx (CVE-2012-2090).
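
For the format string class described in CVE-2012-2090, one mitigation is to validate a format template loaded from a model file before it reaches a printf-family call, and to write the result with a bounded call. The following is an added example, not FlightGear or SimGear code and not the upstream patch; the names fmt_is_safe and format_double are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 only if fmt has exactly one conversion and it matches kind
 * ('d' int, 'f' double, 's' string). "%%" is a literal. Rejects %n,
 * '*' width/precision, length modifiers and any extra conversion. */
int fmt_is_safe(const char *fmt, char kind)
{
    const char *allowed = kind == 'd' ? "di" : kind == 'f' ? "fFeEgG"
                        : kind == 's' ? "s" : "";
    int conversions = 0;

    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                          /* literal percent sign */
        while (*p && strchr("-+ #0", *p))      /* flags */
            p++;
        while (isdigit((unsigned char)*p))     /* fixed width only */
            p++;
        if (*p == '.')                         /* fixed precision only */
            for (p++; isdigit((unsigned char)*p); p++)
                ;
        if (*p == '\0' || !strchr(allowed, *p))
            return 0;                          /* wrong type or truncated */
        conversions++;
    }
    return conversions == 1;
}

/* Format v with a template taken from untrusted data; fall back to a
 * fixed format if validation fails. Returns 1 if the template was used. */
int format_double(char *out, size_t outlen, const char *untrusted_fmt, double v)
{
    int ok = fmt_is_safe(untrusted_fmt, 'f');
    snprintf(out, outlen, ok ? untrusted_fmt : "%f", v);  /* bounded write */
    return ok;
}

int main(void)
{
    char buf[32];
    int used = format_double(buf, sizeof buf, "%6.1f", 120.25);  /* constructed sample */
    printf("%s (template used: %d)\n", buf, used);
    return 0;
}
```
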
Updated Packages:
Mageia 1:
flightgear-2.0.0-4.2.mga1
lib(64)simgear2.0.0-2.0.0-3.1.mga1
lib(64)simgear-devel-2.0.0-3.1.mga1
Mageia 2:
flightgear-2.6.0-2.1.mga2
simgear-devel-2.6.0-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2091
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082001.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html
https://bugs.mageia.org/show_bug.cgi?id=6423