Mageia 7 MGASA-2020-0190: Critical Crawl Remote Code Execution
mageia
May 5, 2020
Updated crawl packages fix security vulnerability crawl 0.24.0 and earlier are subject to possible remote code evaluation with lua loadstring (CVE-2020-11722)
Summary
Updated crawl packages fix security vulnerability
crawl 0.24.0 and earlier are subject to possible remote code evaluation
with lua loadstring (CVE-2020-11722).
This update fixes it, also updating crawl from version 0.23.2 to 0.24.1,
with the following main gameplay changes:
* Vampire species simplified
* Thrown weapons streamlined
* Fedhas reimagined
* Sif Muna reworked
References
- https://bugs.mageia.org/show_bug.cgi?id=26552
- - https://raw.githubusercontent.com/crawl/crawl/0.24.1/crawl-ref/docs/changelog.txt
- https://github.com/crawl/crawl/commits/a250c9d538d3db384407f7e61470e8ec65ad5b83
- https://www.cve.org/CVERecord?id=CVE-2020-11722
Resolution
SRPMS
- 7/core/crawl-0.24.1-2.ga250c9d538.1.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 05 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0190.html
Type: security
CVE: CVE-2020-11722
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!