Bug 811617 (CVE-2012-2090) - CVE-2012-2090 SimGear, FlightGear: Multiple format string flaws
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2090
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20120309,reported=2...
Depends On: 811634 811636
Blocks:
 
Reported: 2012-04-11 14:34 UTC by Jan Lieskovsky
Modified: 2019-06-08 19:06 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-16 15:07:39 UTC



Description Jan Lieskovsky 2012-04-11 14:34:26 UTC
Multiple format string flaws were reported:
[1] http://sourceforge.net/mailarchive/message.php?msg_id=28957051

in the way FlightGear, the flight simulator, and SimGear, a set of simulation library components, performed retrieval of various data chunk values from XML aircraft (FlightGear) or scene graph (SimGear) model data files. A remote attacker could provide a specially-crafted XML model file, which, once opened by a local, unsuspecting user in FlightGear / in an application linked against SimGear, would lead to a crash of that particular executable.

CVE Request:
[2] http://www.openwall.com/lists/oss-security/2012/04/10/9

CVE Assignment:
[3] http://www.openwall.com/lists/oss-security/2012/04/10/13

Upstream patch:
None as of right now.
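
An added example, not FlightGear or SimGear code and not the upstream fix: one way an application can vet a printf-style template before using it with `snprintf`, assuming the template is a value read from an untrusted model file. The function names `fmt_is_safe` and `render_double` and the sample templates are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 only if fmt holds exactly one conversion and its specifier is in
 * `allowed` (e.g. "fFeEgG" for a double). Anything else is refused: %n, %s,
 * '*' width or precision, positional '$', length modifiers, a trailing '%'. */
int fmt_is_safe(const char *fmt, const char *allowed)
{
    int conversions = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                    /* "%%" is a literal */
        while (*p && strchr("-+ #0", *p)) p++;      /* flags */
        while (isdigit((unsigned char)*p)) p++;     /* fixed width */
        if (*p == '.') {                            /* fixed precision */
            p++;
            while (isdigit((unsigned char)*p)) p++;
        }
        if (*p == '\0' || !strchr(allowed, *p))
            return 0;                               /* truncated or disallowed */
        conversions++;
    }
    return conversions == 1;
}

/* Format `value` with a template taken from untrusted data (assumption).
 * Returns the snprintf result, or -1 if the template was refused. */
int render_double(char *out, size_t outlen, const char *tmpl, double value)
{
    if (!fmt_is_safe(tmpl, "fFeEgG"))
        return -1;
    return snprintf(out, outlen, tmpl, value);
}

int main(void)
{
    /* Constructed sample templates, as they might appear in a model file. */
    const char *samples[] = { "%.1f kt", "%5.2f%%", "%s%s%s%s", "%n", "%*f" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int n = render_double(buf, sizeof buf, samples[i], 12.34);
        printf("%-10s -> %s\n", samples[i], n < 0 ? "rejected" : buf);
    }
    return 0;
}
```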

Comment 1 Jan Lieskovsky 2012-04-11 15:13:30 UTC
Created FlightGear tracking bugs for this issue

Affects: fedora-all [bug 811634]

Comment 2 Jan Lieskovsky 2012-04-11 15:20:23 UTC
Created SimGear tracking bugs for this issue

Affects: fedora-all [bug 811636]

Comment 3 Fedora Update System 2012-06-08 23:56:50 UTC
FlightGear-2.4.0-2.fc16, SimGear-2.4.0-4.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2012-06-08 23:58:18 UTC
FlightGear-2.6.0-2.fc17, SimGear-2.6.0-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2012-06-09 00:01:33 UTC
FlightGear-2.0.0-6.fc15, SimGear-2.0.0-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
