Mageia 2021-0250: gnuchess security update
Summary
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN
(Portable Game Notation) data. This is related to a buffer overflow in the
use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay
functions in frontend/cmd.cc. (CVE-2021-30184).
References
- https://bugs.mageia.org/show_bug.cgi?id=29026
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30184
Resolution
MGASA-2021-0250 - Updated gnuchess package fix a security vulnerability
SRPMS
- 8/core/gnuchess-6.2.7-1.1.mga8
- 7/core/gnuchess-6.2.6-1.1.mga7