ArchLinux: 201807-15: wesnoth: arbitrary code execution
Summary
"The Battle for Wesnoth" allows arbitrary code execution through a vulnerability in its Lua scripting language engine, which makes it possible to escape the existing sandbox measures and execute untrusted bytecode.
Resolution
Upgrade to 1.14.4-1.
# pacman -Syu "wesnoth>=1.14.4-1"
The problem has been fixed upstream in version 1.14.4.
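The summary's point about untrusted bytecode, as an added illustration (not Wesnoth's code and not the upstream fix): Lua does not verify precompiled chunks, so a host that embeds Lua 5.2 or later can restrict load to text chunks with mode "t". The names safe_load and new_sandbox_env and the contents of the whitelist are assumptions made for this example.

```lua
-- Added illustration, not Wesnoth code. Requires Lua 5.2 or later.
local BINARY_SIGNATURE = "\27Lua"  -- first bytes of every precompiled chunk

-- Hypothetical whitelist environment for untrusted scripts.
-- load, loadfile, dofile and require are deliberately absent, so sandboxed
-- code cannot compile or load further chunks itself.
local function new_sandbox_env()
  return {
    pairs = pairs, ipairs = ipairs, tostring = tostring, tonumber = tonumber,
    string = { format = string.format, sub = string.sub, len = string.len },
    math = { floor = math.floor, max = math.max, min = math.min },
  }
end

-- Compile untrusted source as text only, bound to a fresh sandbox environment.
local function safe_load(source, chunkname)
  if type(source) ~= "string" then
    return nil, "chunk must be a string"
  end
  -- Explicit check gives a clear error before load() is even called.
  if source:sub(1, #BINARY_SIGNATURE) == BINARY_SIGNATURE then
    return nil, "precompiled chunk rejected"
  end
  -- Mode "t" makes load() itself refuse binary chunks (defence in depth).
  return load(source, chunkname or "=untrusted", "t", new_sandbox_env())
end

-- Constructed inputs: one text chunk and one precompiled chunk.
local text_chunk = "return math.max(1, 2)"
local binary_chunk = string.dump(function() return 1 end)

-- Text source compiles and runs inside the sandbox.
local f = assert(safe_load(text_chunk))
assert(f() == 2)

-- Bytecode is refused before it reaches the interpreter.
local g, err = safe_load(binary_chunk)
assert(g == nil and err == "precompiled chunk rejected")

-- Globals outside the whitelist are not visible to the chunk.
local h = assert(safe_load("return os"))
assert(h() == nil)

print("text chunk accepted, binary chunk rejected, os not reachable")
```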
References
https://marc.info/?l=oss-security&m=153227302330837&w=2
https://www.openwall.com/lists/oss-security/2018/07/20/1
https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318
https://security.archlinux.org/CVE-2018-1999023
Workaround
None.