Stay Secure with the Latest Linux Advisories

security advisorygentoobuffer overflow

Gentoo: GLSA-202107-28 Normal Severity: GNU Chess Code Execution Risk

A buffer overflow in GNU Chess might allow arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-28 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNU Chess: Buffer overflow Date: July 12, 2021 Bugs: #780855 ID: 202107-28 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in GNU Chess might allow arbitrary code execution. Background ========= GNU Chess is a console based chess interfae. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-board/gnuchess < 6.2.8-r1 > = 6.2.8-r1 Description ========== The cmd_pgnload() and cmd_pgnreplay() functions in cmd.cc in GNU Chess to not sufficiently validate PGN file input, potentially resulting in a buffer overflow. Impact ===== A remote attacker could entice a user to open a specially crafted PGN file using GNU Chess, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All GNU Chess users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =games-board/gnuchess-6.2.8-r1" References ========= [ 1 ] CVE-2021-30184 https://nvd.nist.gov/vuln/detail/CVE-2021-30184 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-28 Concerns? ======== Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Linux recommends updating GNU Chess in light of a buffer overflow vulnerability that may enable malicious entities to execute arbitrary code.. GNU Chess, buffer overflow, Gentoo Security Advisory, code execution, software update. . LinuxSecurity.com Team

Jul 11, 2021 Gentoo