Mageia 8: 2023-0005 Moderate: Minetest Lua Exploit Threat
mageia
January 13, 2023
This update provides minetest 5.6.1, the latest stable release of the open source voxel game
Summary
This update provides minetest 5.6.1, the latest stable release of the open
source voxel game. This updates provides a number of feature and bug fix
changes compared to the previous version 5.4.0 provided in Mageia 8. See
the linked release notes and changelogs for details.
The update also improves compatibility with hosted game servers, which
typically run and expect the latest stable release.
The update also fixes a security vulnerability affecting single player
with malicious mods (GHSA-663q-pcjw-27cc)
In single player, a mod could set a global setting that controls the Lua
script loaded to display the main menu. The script would be loaded as soon
as the game session is exited. The Lua environment the menu runs in was
not sandboxed and could directly interfere with the user's system.
(CVE-2022-35978)
References
- https://bugs.mageia.org/show_bug.cgi?id=31363
- https://blog.luanti.org/2022/08/04/5.6.0-released/
- https://docs.luanti.org/Changelog/
- https://docs.luanti.org/Changelog/
- https://docs.luanti.org/Changelog/
- https://github.com/luanti-org/luanti/security/advisories/GHSA-663q-pcjw-27cc
- https://www.cve.org/CVERecord?id=CVE-2022-35978
Topics Covered
Resolution
SRPMS
- 8/core/minetest-5.6.1-1.mga8
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0005.html
Type: security
CVE: CVE-2022-35978
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!