Hide Forgot
NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files. Reference: https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5 Upstream commits: https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47 https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
Created nethack tracking bugs for this issue: Affects: epel-8 [bug 1789080] Affects: fedora-all [bug 1789079]
Way ahead of you; Nethack 3.6.4 is already available everywhere: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-2a808715f1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-79b80b66d9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1090bd0af2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b0a5f3ab5d Is there something more that needs to be done, or can all these tickets be closed?
In reply to comment #2: > Way ahead of you; Nethack 3.6.4 is already available everywhere: > > https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-2a808715f1 > https://bodhi.fedoraproject.org/updates/FEDORA-2019-79b80b66d9 > https://bodhi.fedoraproject.org/updates/FEDORA-2019-1090bd0af2 > https://bodhi.fedoraproject.org/updates/FEDORA-2019-b0a5f3ab5d > > Is there something more that needs to be done, or can all these tickets be > closed? Thank you for letting me know that! The tickets can be closed.