MGASA-2021-0250 - Updated gnuchess package fix a security vulnerability Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0250.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-30184 GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. (CVE-2021-30184). References: - https://bugs.mageia.org/show_bug.cgi?id=29026 - https://lists.fedoraproject.org/archives/list/[email protected]/thread/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30184 SRPMS: - 8/core/gnuchess-6.2.7-1.1.mga8 - 7/core/gnuchess-6.2.6-1.1.mga7
Mageia 2021-0250: gnuchess security update
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data
Summary
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN
(Portable Game Notation) data. This is related to a buffer overflow in the
use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay
functions in frontend/cmd.cc. (CVE-2021-30184).
References
- https://bugs.mageia.org/show_bug.cgi?id=29026
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30184
Resolution
MGASA-2021-0250 - Updated gnuchess package fix a security vulnerability
SRPMS
- 8/core/gnuchess-6.2.7-1.1.mga8
- 7/core/gnuchess-6.2.6-1.1.mga7
Severity
Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0250.html
Type: security
CVE: CVE-2021-30184
News
HOWTOs
Features
About Us
Powered By
