From Mageia wiki
Jump to: navigation, search

MGASA-2012-0334

Date: November 21st, 2012
Affected releases: 1, 2


Description:
Updated plib package fixes security vulnerability:

Plib is prone to stack based Buffer overflow in the error function in
ssg/ssgParser.cxx when it loads 3d model files as X (Direct x), ASC, ASE,
ATG, and OFF, if a very long error message is passed to the function
(CVE-2012-4552).

Additionally, the torcs, flightgear, tuxkart, speed-dreams, and tux_aqfh
packages have been rebuilt to include the updated library.


Updated Packages:
Mageia 1:
plib-devel-1.8.5-3.2.mga1
flightgear-2.0.0-4.3.mga1
torcs-1.3.1-7.3.mga1
torcs-robots-base-1.3.1-7.3.mga1
torcs-robots-berniw-1.3.1-7.3.mga1
torcs-robots-bt-1.3.1-7.3.mga1
torcs-robots-olethros-1.3.1-7.3.mga1
tuxkart-0.4.0-10.2.mga1

Mageia 2:
plib-devel-1.8.5-4.1.mga2
flightgear-2.6.0-2.2.mga2
speed-dreams-2.0.0-1.1.mga2
speed-dreams-robots-hq-2.0.0-1.1.mga2
speed-dreams-robots-more-hq-2.0.0-1.1.mga2
speed-dreams-robots-wip-2.0.0-1.1.mga2
speed-dreams-devel-2.0.0-1.1.mga2
torcs-1.3.3-2.1.mga2
torcs-robots-base-1.3.3-2.1.mga2
torcs-robots-berniw-1.3.3-2.1.mga2
torcs-robots-bt-1.3.3-2.1.mga2
torcs-robots-olethros-1.3.3-2.1.mga2
tuxkart-0.4.0-11.1.mga2
tux_aqfh-1.0.14-13.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4552
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html
https://bugs.mageia.org/show_bug.cgi?id=8066