Fedora 27 ScummVM Command Injection Fix Critical 2018-d275e6ff0c

ScummVM is a program which allows you to run certain classic graphical

point-and-click adventure games, provided you already have their

data files.

ScummVM supports many adventure games, including LucasArts SCUMM games

(such as Monkey Island 1-3, Day of the Tentacle, Sam & Max, ...),

many of Sierra's AGI and SCI games (such as King's Quest 1-6,

Space Quest 1-5, ...), Discworld 1 and 2, Simon the Sorcerer 1 and 2,

Beneath A Steel Sky, Lure of the Temptress, Broken Sword 1 and 2,

Flight of the Amazon Queen, Gobliiins 1-3, The Legend of Kyrandia 1-3,

many of Humongous Entertainment's children's SCUMM games (including

Freddi Fish and Putt Putt games) and many more.

The complete list can be found on ScummVM's compatibility page:

https://www.scummvm.org/compatibility/2.0.0/

Update to 2.0.0 release. * Fixes CVE-2017-17528.

* Sun Apr 8 2018 Christian Krause - 2.0.0-1

- update to latest upstream (BZ 1536755)

- add upstream patch for CVE-2017-17528 (and one follow-up patch, BZ 1528426,

BZ 1528425)

- turn off virtual keyboard (the keyboard pack files are not installed

and scummvm doesn't have a global search path for them on platform sdl/posix)

[ 1 ] Bug #1528425 - CVE-2017-17528 scummvm: Command injection in backends/platform/sdl/posix/posix.cpp

https://bugzilla.redhat.com/show_bug.cgi?id=1528425

su -c 'dnf upgrade --advisory FEDORA-2018-d275e6ff0c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org