Package: flightgear
Version: 3.0.0-1
Severity: grave
Tags: security

Upstream has reported two related security issues in how FlightGear restricts what files Nasal (its built-in scripting language for aircraft) can access.

This bug is tracking the portion related to the flightgear source package:

- fgValidatePath uses a property listener to do the checking, and while io.nas blocks direct removal of that listener, this can be bypassed by deleting the entire property node.
  Effect: Can read or write any file as the user (= arbitrary code execution).
  Fix: flightgear 6a30e7086ea2f1a060dd77dab6e7e8a15b43e82d

Regards
Markus Wanner
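A simplified model of the weakness reported above, added here as an illustration; it is not FlightGear's code or the upstream fix. The node name, the `/sandbox/` policy and every function name are hypothetical. It contrasts a path check whose verdict lives in a script-deletable node with one made by direct call.

```cpp
#include <functional>
#include <map>
#include <string>

// Constructed model of a property tree; not FlightGear's implementation.
using Listener = std::function<std::string(const std::string&)>;
struct Node { std::string value; Listener listener; };

// Hypothetical policy: only paths under /sandbox/ with no ".." component.
static bool allowed(const std::string& p) {
    return p.rfind("/sandbox/", 0) == 0 && p.find("..") == std::string::npos;
}

struct Tree {
    std::map<std::string, Node> nodes;
    void set(const std::string& k, const std::string& v) {
        Node& n = nodes[k];  // a removed node is silently recreated, listener-less
        n.value = n.listener ? n.listener(v) : v;
    }
    std::string get(const std::string& k) { return nodes[k].value; }
    void remove(const std::string& k) { nodes.erase(k); }  // reachable from scripts
};

const std::string kCheck = "/validate/path";  // hypothetical node name

// Native side attaches the checker: approved paths pass through, others become "".
void install(Tree& t) {
    t.nodes[kCheck].listener = [](const std::string& p) {
        return allowed(p) ? p : std::string();
    };
}

// Weak: the verdict is whatever remains in a node that scripts can delete,
// so once the node (and its listener) is gone the check fails open.
bool validate_via_listener(Tree& t, const std::string& p) {
    t.set(kCheck, p);
    return !t.get(kCheck).empty();
}

// Hardened: the check is a direct call that depends on no script-mutable state.
bool validate_direct(const std::string& p) { return allowed(p); }
```

Guarding only the listener-removal call leaves the node itself as an unprotected part of the trust boundary; the direct call has no such state to protect.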

