-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:205
http://www.mandriva.com/security/
_______________________________________________________________________
Package : freeciv
Date : October 15, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in freeciv:
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to
read arbitrary files or execute arbitrary commands via scenario
that contains Lua functionality, related to the (1) os, (2) io, (3)
package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)
require modules or functions (CVE-2010-2445).
The updated packages have been upgraded to v2.2.1 which is not
vulnerable to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2445
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
f2e462016bfa51641c707193f15050b4 2010.0/i586/freeciv-client-2.2.1-0.1mdv2010.0.i586.rpm
7e28a7979376addeac1ece3abcd00865 2010.0/i586/freeciv-data-2.2.1-0.1mdv2010.0.i586.rpm
ed7806f924cc1ecaf780ab6a73484b86 2010.0/i586/freeciv-server-2.2.1-0.1mdv2010.0.i586.rpm
9447db00f5008ab4373bd4c03af7bc4b 2010.0/SRPMS/freeciv-2.2.1-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
8f268efc340ce284141c20a1fb345df8 2010.0/x86_64/freeciv-client-2.2.1-0.1mdv2010.0.x86_64.rpm
eaeb56096e20284e194ee28f212deb05 2010.0/x86_64/freeciv-data-2.2.1-0.1mdv2010.0.x86_64.rpm
aa1376b65f2c4e2577dfcebbb6818894 2010.0/x86_64/freeciv-server-2.2.1-0.1mdv2010.0.x86_64.rpm
9447db00f5008ab4373bd4c03af7bc4b 2010.0/SRPMS/freeciv-2.2.1-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
2d1e4377d45abcc5665c26f02d4307aa 2010.1/i586/freeciv-client-2.2.1-0.1mdv2010.1.i586.rpm
3ca4f6fc9f371c8d5582a1b8ad4b6287 2010.1/i586/freeciv-data-2.2.1-0.1mdv2010.1.i586.rpm
374b4e4171e1616443c9c02bf6fbfe6d 2010.1/i586/freeciv-server-2.2.1-0.1mdv2010.1.i586.rpm
00d1331c2e1cf23b38fb97fb461d2329 2010.1/SRPMS/freeciv-2.2.1-0.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
745e0b2e0766e83df352579cc233aae4 2010.1/x86_64/freeciv-client-2.2.1-0.1mdv2010.1.x86_64.rpm
c6d9f073d456bb7970a27352eb613d6b 2010.1/x86_64/freeciv-data-2.2.1-0.1mdv2010.1.x86_64.rpm
d4557ce2c4772e5da2457f6f38a8b37a 2010.1/x86_64/freeciv-server-2.2.1-0.1mdv2010.1.x86_64.rpm
00d1331c2e1cf23b38fb97fb461d2329 2010.1/SRPMS/freeciv-2.2.1-0.1mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMuCVXmqjQ0CJFipgRAjmyAJ9O8CcnkJ9IBNEL6rlSc2C/+H6tkwCfWsOj
4EvFV7Efhy5TCTSqyYhN9lg=
=NK6h
-----END PGP SIGNATURE-----
