Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2445 to the following vulnerability: Name: CVE-2010-2445 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2445 Assigned: 20100624 Reference: MLIST:[oss-security] 20100610 CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/09/4 Reference: MLIST:[oss-security] 20100624 Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/24/5 Reference: CONFIRM: http://gna.org/bugs/?15624 Reference: OSVDB:65192 Reference: URL: http://www.osvdb.org/65192 freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. Freeciv in Fedora is currently vulnerable (2.2.0) whereas upstream 2.2.1 corrects the issues.
Created freeciv tracking bugs for this issue Affects: fedora-all [bug 612297]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.