Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/glsa-201603-12.xml
blob: 4607a655d5b3a1d6a8142b231800bf82996fa5df (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201603-12">
  <title>FlightGear, SimGear: Multiple vulnerabilities</title>
  <synopsis>Multiple vulnerabilities have been found in FlightGear and SimGear
    allowing remote attackers to cause Denial of Service and possibly execute
    arbitrary code.
  </synopsis>
  <product type="ebuild">flightgear, simgear</product>
  <announced>2016-03-12</announced>
  <revised count="1">2016-03-12</revised>
  <bug>426502</bug>
  <bug>468106</bug>
  <access>remote</access>
  <affected>
    <package name="games-simulation/flightgear" auto="yes" arch="*">
      <unaffected range="ge">3.4.0</unaffected>
      <vulnerable range="lt">3.4.0</vulnerable>
    </package>
    <package name="games-simulation/simgear" auto="yes" arch="*">
      <unaffected range="ge">3.4.0</unaffected>
      <vulnerable range="lt">3.4.0</vulnerable>
    </package>
  </affected>
  <background>
    <p>FlightGear is an open-source flight simulator.  It supports a variety of
      popular platforms (Windows, Mac, Linux, etc.) and is developed by skilled
      volunteers from around the world.  Source code for the entire project is
      available and licensed under the GNU General Public License.
    </p>
    
    <p>SimGear is a set of open-source libraries designed to be used as
      building blocks for quickly assembling 3d simulations, games, and
      visualization applications.
    </p>
  </background>
  <description>
    <p>Multiple format string vulnerabilities in FlightGear and SimGear allow
      user-assisted remote attackers to cause a denial of service and possibly
      execute arbitrary code via format string specifiers in certain data chunk
      values in an aircraft xml model.
    </p>
  </description>
  <impact type="normal">
    <p>Remote attackers could possibly execute arbitrary code or cause Denial
      of Service.
    </p>
  </impact>
  <workaround>
    <p>There is no known workaround at this time.</p>
  </workaround>
  <resolution>
    <p>All Flightgear users should upgrade to the latest version:</p>
    
    <code>
      # emerge --sync
      # emerge --ask --oneshot --verbose
      "&gt;=games-simulation/flightgear-3.4.0"
    </code>
    
    <p>All Simgear users should upgrade to the latest version:</p>
    
    <code>
      # emerge --sync
      # emerge --ask --oneshot --verbose "&gt;=games-simulation/simgear-3.4.0"
    </code>
    
  </resolution>
  <references>
    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2090">CVE-2012-2090</uri>
    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2091">CVE-2012-2091</uri>
  </references>
  <metadata tag="requester" timestamp="2015-05-16T06:03:32Z">
    pinkbyte
  </metadata>
  <metadata tag="submitter" timestamp="2016-03-12T23:11:04Z">b-man</metadata>
</glsa>