MGASA-2021-0250 - Updated gnuchess package fix a security vulnerability

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0250.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN 
(Portable Game Notation) data. This is related to a buffer overflow in the 
use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay 
functions in frontend/cmd.cc. (CVE-2021-30184).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29026
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30184

SRPMS:
- 8/core/gnuchess-6.2.7-1.1.mga8
- 7/core/gnuchess-6.2.6-1.1.mga7