
Gentoo: GLSA-201603-12 Normal: FlightGear and SimGear Denial of Service

March 13, 2016
Gentoo Linux Security Advisory GLSA 201603-12 covers vulnerabilities in FlightGear and SimGear that expose affected systems to denial of service (DoS) and possibly remote code execution (RCE).
Multiple vulnerabilities have been found in FlightGear and SimGear allowing remote attackers to cause Denial of Service and possibly execute arbitrary code.

Summary

Multiple format string vulnerabilities in FlightGear and SimGear allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft XML model.
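The bug class named above, shown from the defensive side in an added C example (not FlightGear or SimGear code, and not part of the advisory): a format string read from untrusted model data is validated before it reaches snprintf. The function names are hypothetical, and the example assumes the string is meant to format exactly one double.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 only if fmt holds exactly one conversion and it consumes a
 * double (%f/%e/%g family). Everything else is rejected: %n, %s, %d,
 * '*' width or precision, length modifiers, a trailing lone '%'. */
static int fmt_is_safe_for_double(const char *fmt)
{
    int conversions = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;            /* "%%" is a literal percent */
        p += strspn(p, "-+ 0#");              /* flags */
        size_t n = strspn(p, "0123456789");   /* width, digits only */
        if (n > 3) return 0;
        p += n;
        if (*p == '.') {
            n = strspn(++p, "0123456789");    /* precision, digits only */
            if (n > 3) return 0;
            p += n;
        }
        if (*p == '\0' || !strchr("fFeEgG", *p) || ++conversions > 1)
            return 0;
    }
    return conversions == 1;
}

/* Format value with a format string read from untrusted model data.
 * Returns 1 if model_fmt was used, 0 if the fixed fallback was used. */
static int render_value(char *out, size_t outsz, const char *model_fmt, double value)
{
    if (model_fmt && fmt_is_safe_for_double(model_fmt)) {
        snprintf(out, outsz, model_fmt, value);
        return 1;
    }
    snprintf(out, outsz, "%.2f", value);
    return 0;
}

int main(void)
{
    char buf[32];
    /* Constructed sample values, not taken from any real aircraft model. */
    const char *samples[] = { "ALT %5.1f ft", "%s%s%s", "%n", "%*f", "%f %f" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int used = render_value(buf, sizeof buf, samples[i], 1234.56);
        printf("%-14s -> %s (%s)\n", samples[i], buf, used ? "accepted" : "fallback");
    }
}
```

The advisory does not say how upstream fixed the issue; an allowlist check like this is one common mitigation, alongside never passing externally supplied text as the format argument at all.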

Resolution

All FlightGear users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=games-simulation/flightgear-3.4.0"

All SimGear users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/simgear-3.4.0"

References

[ 1 ] CVE-2012-2090 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2090
[ 2 ] CVE-2012-2091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2091

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-12

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: FlightGear, SimGear: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #426502, #468106
ID: 201603-12

Synopsis

Multiple vulnerabilities have been found in FlightGear and SimGear allowing remote attackers to cause Denial of Service and possibly execute arbitrary code.

Background

FlightGear is an open-source flight simulator. It supports a variety of popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled volunteers from around the world. Source code for the entire

Affected Packages

    -------------------------------------------------------------------
     Package                      /   Vulnerable   /         Unaffected
    -------------------------------------------------------------------
  1  games-simulation/flightgear      < 3.4.0                  >= 3.4.0
  2  games-simulation/simgear         < 3.4.0                  >= 3.4.0
    -------------------------------------------------------------------
     2 affected packages

Impact

Remote attackers could possibly execute arbitrary code or cause Denial of Service.

Workaround

There is no known workaround at this time.