Stay Secure with the Latest Linux Advisories

security advisorycritical issuefedora

Fedora 28: ScummVM Critical Command Injection Fix FEDORA-2019-a374e7ff1d

Update to 2.0.0 release. * Fixes CVE-2017-17528.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-d275e6ff0c 2018-05-05 22:24:26.609481 --------------------------------------------------------------------------------Name : scummvm Product : Fedora 27 Version : 2.0.0 Release : 1.fc27 URL : https://www.scummvm.org/ Summary : Interpreter for several adventure games Description : ScummVM is a program which allows you to run certain classic graphical point-and-click adventure games, provided you already have their data files. ScummVM supports many adventure games, including LucasArts SCUMM games (such as Monkey Island 1-3, Day of the Tentacle, Sam & Max, ...), many of Sierra's AGI and SCI games (such as King's Quest 1-6, Space Quest 1-5, ...), Discworld 1 and 2, Simon the Sorcerer 1 and 2, Beneath A Steel Sky, Lure of the Temptress, Broken Sword 1 and 2, Flight of the Amazon Queen, Gobliiins 1-3, The Legend of Kyrandia 1-3, many of Humongous Entertainment's children's SCUMM games (including Freddi Fish and Putt Putt games) and many more. The complete list can be found on ScummVM's compatibility page: https://www.scummvm.org/compatibility/2.0.0/ --------------------------------------------------------------------------------Update Information: Update to 2.0.0 release. * Fixes CVE-2017-17528. --------------------------------------------------------------------------------ChangeLog: * Sun Apr 8 2018 Christian Krause - 2.0.0-1 - update to latest upstream (BZ 1536755) - add upstream patch for CVE-2017-17528 (and one follow-up patch, BZ 1528426, BZ 1528425) - turn off virtual keyboard (the keyboard pack files are not installed and scummvm doesn't have a global search path for them on platform sdl/posix) --------------------------------------------------------------------------------References: [ 1 ] Bug #1528425 - CVE-2017-17528 scummvm: Command injection inbackends/platform/sdl/posix/posix.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1528425 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-d275e6ff0c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 28 introduces a critical ScummVM update addressing command injection risks and enhancing application security.. ScummVM Update, Fedora Security, Command Injection Fix. . Severity: Critical. LinuxSecurity.com Team

May 05, 2018 •Critical Fedora