MGASA-2019-0205

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0205.html

Import Source

https://advisories.mageia.org/MGASA-2019-0205.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0205

Related

Published

2019-07-10T10:44:10Z

Modified

2019-07-10T10:03:19Z

Summary

Updated dosbox package fixes security vulnerabilities

Details

Dosbox 0.74-3 is a security release: * Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel) * Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre Bartel)

It also brings several other fixes for out of bounds access and buffer overflows, and some fixes to the OpenGL rendering.

The game compatibility should be identical to 0.74 and 0.74-2. It is recommended to use config -securemode when dealing with untrusted files.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / dosbox

Package

Name: dosbox
Purl: pkg:rpm/mageia/dosbox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.74.3-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / dosbox

Package

Name: dosbox
Purl: pkg:rpm/mageia/dosbox?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.74.3-1.mga6

Ecosystem specific

{
    "section": "core"
}