Mandriva Update For Freeciv MDVSA-2010:205 (freeciv) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions (CVE-2010-2445). The updated packages have been upgraded to v2.2.1 which is not vulnerable to this issue.

Affected

freeciv on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2010-2445
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:036 (python)
Mandrake Security Advisory MDVSA-2009:076 (avahi)
Mandrake Security Advisory MDVSA-2009:169 (libtiff)
Mandrake Security Advisory MDVSA-2009:060-1 (nfs-utils)
Mandrake Security Advisory MDVSA-2009:097 (clamav)

Mandriva Update for freeciv MDVSA-2010:205 (freeciv)

Take action and discover your vulnerabilities