[pkg-fgfs-crew] Bug#862689: flightgear: CVE-2017-8921

Salvatore Bonaccorso carnil at debian.org
Mon May 15 20:05:59 UTC 2017


Source: flightgear
Version: 1:2016.4.4+dfsg-2
Severity: grave
Tags: upstream patch security
Control: found -1 3.0.0-5

Hi,

the following vulnerability was published for flightgear.

CVE-2017-8921[0]:
| In FlightGear before 2017.2.1, the FGCommand interface allows
| overwriting any file the user has write access to, but not with
| arbitrary data: only with the contents of a FlightGear flightplan
| (XML). A resource such as a malicious third-party aircraft could
| exploit this to damage files belonging to the user. Both this issue and
| CVE-2016-9956 are directory traversal vulnerabilities in
| Autopilot/route_mgr.cxx - this one exists because of an incomplete fix
| for CVE-2016-9956.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8921
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8921

Regards,
Salvatore
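
An added illustration of the bug class named in the CVE text (directory traversal on a file-save path). It is not FlightGear's code or its patch, and `naive_write_allowed`, `is_within`, `write_allowed` and `demo_root` are hypothetical names. It assumes a C++17 compiler and contrasts a raw string-prefix test with a check on the canonicalised target path.

```cpp
// Added illustration of the bug class; not FlightGear code. All names are hypothetical.
#include <algorithm>
#include <filesystem>
#include <iostream>
#include <string>
#include <system_error>
#include <vector>

namespace fs = std::filesystem;

// Naive check: raw string prefix. "<root>/../x" and "<root>-evil/x" both pass.
bool naive_write_allowed(const std::string& requested, const std::string& root) {
    return requested.compare(0, root.size(), root) == 0;
}

// True when every component of `root` is a leading component of `candidate`.
static bool is_within(const fs::path& root, const fs::path& candidate) {
    return std::mismatch(root.begin(), root.end(),
                         candidate.begin(), candidate.end()).first == root.end();
}

// Hardened check: resolve "..", "." and symlinks in the existing part of the
// path first, then compare against each canonical allowed root by component.
bool write_allowed(const fs::path& requested, const std::vector<fs::path>& roots) {
    std::error_code ec;
    if (!requested.is_absolute()) return false;   // no cwd-relative targets
    const fs::path target = fs::weakly_canonical(requested, ec);
    if (ec) return false;                         // fail closed
    for (const auto& r : roots) {
        const fs::path root = fs::canonical(r, ec);
        if (ec) { ec.clear(); continue; }         // unusable root: skip it
        if (target != root && is_within(root, target)) return true;
    }
    return false;
}

// Constructed sandbox directory used as the only allowed export root.
fs::path demo_root() {
    fs::path root = fs::canonical(fs::temp_directory_path()) / "flightplan_export_demo";
    fs::create_directories(root);
    return root;
}

int main() {
    const fs::path root = demo_root();
    const fs::path escape = root / ".." / "victim.xml";   // constructed input
    std::cout << "naive:    " << naive_write_allowed(escape.string(), root.string()) << "\n"
              << "hardened: " << write_allowed(escape, {root}) << "\n";
}
```

The check and the later file open are separate steps, so a symlink swapped in between them is not covered by this validation alone.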


