Arch Linux Security Advisory ASA-201807-15
==========================================

Severity: High
Date    : 2018-07-25
CVE-ID  : CVE-2018-1999023
Package : wesnoth
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-741

Summary
=======

The package wesnoth before version 1.14.4-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 1.14.4-1.

# pacman -Syu "wesnoth>=1.14.4-1"

The problem has been fixed upstream in version 1.14.4.

Workaround
==========

None.

Description
===========

"The Battle for Wesnoth" allows arbitrary code execution through a
vulnerability in its Lua scripting language engine, which makes it
possible to escape the existing sandbox measures and execute untrusted
bytecode.

Impact
======

A remote attacker is able to execute arbitrary code when a user
downloads game content in a multiplayer game or via a player content
distribution server.

References
==========

https://marc.info/?l=oss-security&m=153227302330837&w=2
https://www.openwall.com/lists/oss-security/2018/07/20/1
https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
https://security.archlinux.org/CVE-2018-1999023

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10973
2015-06-30 17:58:14
--------------------------------------------------------------------------------

Name        : wesnoth
Product     : Fedora 21
Version     : 1.12.4
Release     : 1.fc21
URL         : http://www.wesnoth.org
Summary     : Turn-based strategy game with a fantasy theme
Description :
The Battle for Wesnoth is a turn-based strategy game with a fantasy theme.

Build up a great army, gradually turning raw recruits into hardened
veterans. In later games, recall your toughest warriors and form a deadly
host against whom none can stand. Choose units from a large pool of
specialists, and hand-pick a force with the right strengths to fight well
on different terrains against all manner of opposition.

Fight to regain the throne of Wesnoth, of which you are the legitimate
heir, or use your dread power over the Undead to dominate the land of
mortals, or lead your glorious Orcish tribe to victory against the humans
who dared despoil your lands. Wesnoth has many different sagas waiting to
be played out. You can create your own custom units, and write your own
scenarios--or even full-blown campaigns. You can also challenge your
friends--or strangers--and fight multi-player epic fantasy battles.

--------------------------------------------------------------------------------
Update Information:

Latest upstream.
https://www.openwall.com/lists/oss-security/2015/06/25/2
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 29 2015 Jon Ciesla - 1.12.4-1
- Upstream maintenance release.
* Fri Jun 26 2015 Jon Ciesla - 1.12.2-3
- Patches for CVE-2015-5069 and CVE-2015-5070.
* Fri Jun 19 2015 Fedora Release Engineering - 1.12.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Apr 13 2015 Jon Ciesla - 1.12.2-1
- 1.12.2, security release.
* Thu Mar 26 2015 Richard Hughes - 1.12.1-3
- Add an AppData file for the software center
* Tue Jan 27 2015 Petr Machata - 1.12.1-2
- Rebuild for boost 1.57.0
* Mon Jan 26 2015 Jon Ciesla - 1.12.1-1
- 1.12.1, bugfix release.
* Mon Nov 24 2014 Jon Ciesla - 1.12-1
- 1.12 final.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1236011 - CVE-2015-5070 CVE-2015-5069 wesnoth: authentication information disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1236011
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update wesnoth' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Arch Linux Security Advisory ASA-201507-1
=========================================

Severity: Low
Date    : 2015-07-03
CVE-ID  : CVE-2015-5069 CVE-2015-5070
Package : wesnoth
Type    : information leakage
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package wesnoth before version 1.12.4-1 is vulnerable to information
leakage.

Resolution
==========

Upgrade to 1.12.4-1.

# pacman -Syu "wesnoth>=1.12.4-1"

The problem has been fixed upstream in version 1.12.4 (an incomplete fix
existed in version 1.12.3).

Workaround
==========

None.

Description
===========

Wesnoth implements a text preprocessing language that is used in
conjunction with its own game scripting language. It also has a built-in
Lua interpreter and API.
Both the Lua API and the preprocessor make use of the same function
(filesystem::get_wml_location()) to resolve file paths so that only
content from the user's data directory can be read.

However, the function did not explicitly disallow files with the .pbl
extension. The contents of these files could thus be stored in saved
game files or even transmitted directly to other users in a networked
game. Among the information that's compromised is a user-defined
passphrase used to authenticate uploads to the game's content server.

CVE-2015-5069 and CVE-2015-5070 have been assigned to this vulnerability.

Version 1.12.3 included a fix for CVE-2015-5069 only, remaining
vulnerable to CVE-2015-5070. Versions 1.12.4 and 1.13.1 contain a more
complete fix that addresses both.

Impact
======

A remote attacker might be able to get access to sensitive information,
including but not limited to a user-defined passphrase used to
authenticate uploads to the game's content server.

References
==========

https://access.redhat.com/security/cve/CVE-2015-5069
https://access.redhat.com/security/cve/CVE-2015-5070
https://seclists.org/oss-sec/2015/q2/793
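
A sketch of the kind of check the ASA-201507-1 Description is about, added here as an example and not Wesnoth's own code: a resolver that keeps content-supplied paths inside the data directory and also refuses `.pbl` files. The names `resolve_data_path` and `has_pbl_extension` are hypothetical, the sample paths are constructed, and the resolver works on path strings only (it does not resolve symlinks).

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical helper: true when a file name ends in ".pbl". Trailing dots and
// spaces are dropped and case is ignored, so "X.PBL" or "x.pbl." cannot slip
// past on a filesystem that treats those spellings as the same file.
static bool has_pbl_extension(std::string name) {
    while (!name.empty() && (name.back() == '.' || name.back() == ' ')) name.pop_back();
    if (name.size() < 4) return false;
    std::string ext = name.substr(name.size() - 4);
    std::transform(ext.begin(), ext.end(), ext.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return ext == ".pbl";
}

// Hypothetical resolver: maps a relative path supplied by game content to a
// path under data_dir, or returns "" when the request is refused.
// String-level check only; symlinks inside data_dir are not examined.
std::string resolve_data_path(const std::string& data_dir, const std::string& requested) {
    if (requested.empty() || requested[0] == '/' ||
        requested.find('\\') != std::string::npos ||
        requested.find('\0') != std::string::npos)
        return "";
    std::vector<std::string> parts;
    std::istringstream in(requested);
    std::string part;
    while (std::getline(in, part, '/')) {
        if (part.empty() || part == ".") continue;  // collapse "//" and "./"
        if (part == "..") return "";                // never climb out of data_dir
        parts.push_back(part);
    }
    if (parts.empty() || has_pbl_extension(parts.back())) return "";
    std::string out = data_dir;
    for (const std::string& p : parts) out += "/" + p;
    return out;
}

int main() {
    // Constructed sample requests, as add-on content might supply them.
    const char* samples[] = {"add-ons/Era/units/knight.cfg", "add-ons/Era/_server.pbl",
                             "add-ons/Era/_SERVER.PBL", "../../.ssh/id_rsa"};
    for (const char* s : samples) {
        std::string r = resolve_data_path("/home/user/.local/share/wesnoth", s);
        std::cout << s << " -> " << (r.empty() ? "REFUSED" : r) << "\n";
    }
}
```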

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6295
2015-04-18 05:40:24
--------------------------------------------------------------------------------

Name        : wesnoth
Product     : Fedora 21
Version     : 1.12.2
Release     : 1.fc21
URL         : http://www.wesnoth.org
Summary     : Turn-based strategy game with a fantasy theme

--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 13 2015 Jon Ciesla - 1.12.2-1
- 1.12.2, security release.
* Thu Mar 26 2015 Richard Hughes - 1.12.1-3
- Add an AppData file for the software center
* Tue Jan 27 2015 Petr Machata - 1.12.1-2
- Rebuild for boost 1.57.0
* Mon Jan 26 2015 Jon Ciesla - 1.12.1-1
- 1.12.1, bugfix release.
* Mon Nov 24 2014 Jon Ciesla - 1.12-1
- 1.12 final.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1211238 - CVE-2015-0844 wesnoth: information leak via built-in WML/Lua API [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1211238
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6280
2015-04-18 05:39:30
--------------------------------------------------------------------------------

Name        : wesnoth
Product     : Fedora 20
Version     : 1.12.2
Release     : 1.fc20
URL         : http://www.wesnoth.org
Summary     : Turn-based strategy game with a fantasy theme

--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 13 2015 Jon Ciesla - 1.12.2-1
- 1.12.2, security release.
* Thu Mar 26 2015 Richard Hughes - 1.12.1-3
- Add an AppData file for the software center
* Tue Jan 27 2015 Petr Machata - 1.12.1-2
- Rebuild for boost 1.57.0
* Mon Jan 26 2015 Jon Ciesla - 1.12.1-1
- 1.12.1, bugfix release.
* Mon Nov 24 2014 Jon Ciesla - 1.12-1
- 1.12 final.
* Mon Nov 10 2014 Jon Ciesla - 1.11.19-1
- 1.12 RC3.
* Mon Oct 27 2014 Jon Ciesla - 1.11.18-1
- 1.12 RC2.
* Thu Oct 16 2014 Jon Ciesla - 1.11.17-1
- 1.12 RC1.
* Mon Aug 18 2014 Fedora Release Engineering - 1.11.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 14 2014 Jon Ciesla - 1.11.16-1
- 1.12 Beta 6.
* Sun Jun 8 2014 Fedora Release Engineering - 1.11.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Jon Ciesla - 1.11.15-1
- 1.12 Beta 5.
- Changelog fix.
* Fri May 23 2014 Petr Machata - 1.11.13-3
- Rebuild for boost 1.55.0
* Fri May 23 2014 David Tardon - 1.11.13-2
- rebuild for boost 1.55.0
* Thu Apr 24 2014 Jon Ciesla - 1.11.13-1
- 1.12 Beta 4.
* Wed Mar 26 2014 Jon Ciesla - 1.11.12-1
- 1.12 Beta 3.
* Fri Mar 7 2014 Jon Ciesla - 1.11.11-1
- 1.12 Beta 2.
* Tue Feb 25 2014 Jon Ciesla - 1.11.10-1
- 1.12 Beta 1.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1211238 - CVE-2015-0844 wesnoth: information leak via built-in WML/Lua API [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1211238
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6108
2015-04-14 21:06:25
--------------------------------------------------------------------------------

Name        : wesnoth
Product     : Fedora 22
Version     : 1.12.2
Release     : 1.fc22
URL         : http://www.wesnoth.org
Summary     : Turn-based strategy game with a fantasy theme

--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1211238 - CVE-2015-0844 wesnoth: information leak via built-in WML/Lua API [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1211238
--------------------------------------------------------------------------------

Ignacio R. Morelle discovered that missing path restrictions in the
"Battle of Wesnoth" game could result in the disclosure of arbitrary
files in the user's home directory if malicious campaigns/maps are
loaded.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3218-1

Several security issues have been discovered in wesnoth, a fantasy
turn-based strategy game. The Common Vulnerabilities and Exposures
project identifies the following problems:

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1737-1