MGASA-2018-0278

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0278.html

Import Source

https://advisories.mageia.org/MGASA-2018-0278.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0278

Upstream

CVE-2017-17528

Published

2018-06-14T18:14:36Z

Modified

2026-04-16T06:26:08.294939855Z

Summary

Updated scummvm packages fix security vulnerability

Details

Updated scummvm package fixes security vulnerability

ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL (CVE-2017-17528).

This update fixes it, and updates ScummVM to the latest 2.0.0 upstream release, adding support for 23 new games, and several bug fixes.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / scummvm

Package

Name: scummvm
Purl: pkg:rpm/mageia/scummvm?arch=source&distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-1.mga6

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2018-0278.json"