[SECURITY] [DLA 4035-1] flightgear security update

Wed, 29 Jan 2025 12:12:17 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4035-1                [email protected]
https://www.debian.org/lts/security/                 Dr. Tobias Quathamer
January 29, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : flightgear
Version        : 1:2020.3.6+dfsg-1+deb11u1
CVE ID         : CVE-2025-0781

A security vulnerability has been discovered in flightgear, a flight
simulator.

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily
write to any file path that the user has permission to modify at the
operating-system level.

For Debian 11 bullseye, this problem has been fixed in version
1:2020.3.6+dfsg-1+deb11u1.

We recommend that you upgrade your flightgear packages.

For the detailed security status of flightgear please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flightgear

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAmeaix0ACgkQEwLx8Dbr
6xkv8g/9FW4LphWQzEOlVy3blMGBh2vIog+zNHqGYSC39SnktxUWSpyvWqd1MzEG
9EcQdEZygfwQtwyH+ZdYtO3A9AEBkEt/IW3UI1aWtE7A9rrx6yDC/fIpC5zfInPQ
X4i0ghCNNewNNCnUDtZ9AV+x2iw3DGJ7B6jV4FLDwQp+PLJfh6wjDu/haL6fLOPv
FkruZwIpyhmA9rXoZlzeqMgzy6Hw7CDeD0UE5fAFMryt57RzYfr0z1qfM4H/ArFk
RbVVnX9VnI/m4QzTkNzUR+VF8FWohQ1fvTVkr4G7cVqblTf26+bT+AalF0m5D4TK
8goQp5ernQsZwk4OeFbjzKK3bo6MJEeDgQCrhtH2UOxAcoLpLrfXAASqPodL88ph
Hn4relkqMCm6f86LIIvu2U9czDzV2Xm9lfLN33cVL08+faC8rdZSSMVrZG5Sq75Y
f/VyNDkOve9A8MrkJs72Psoch72SzlGaJfn7fn5Mo1TtxLVzFdfeMuo4IfFx6lYX
Yb4Elmxy3G4aCyB5jemmjr52I1tnYJKvgyODjB5YoPWpv3u4AMOvc2042Cpa4wJG
R7QaD2i3nIIn0FqQjNKx+vXrkdEspSBQqwHABfSvmvg6z7OXAbRwDUR6U7UbHH9V
ocd/f6XXdKIpL/p4v27Zdupt72bIiPxWEG6EZyks9vZv0pfTEYM=
=vk3p
-----END PGP SIGNATURE-----

Reply via email to