602658 – (CVE-2016-9956) <games-simulation/flightgear-2016.4.4: route manager is able to overwrite arbitrary files (CVE-2016-9956)

Bug 602658 (CVE-2016-9956) - <games-simulation/flightgear-2016.4.4: route manager is able to overwrite arbitrary files (CVE-2016-9956)

Summary: <games-simulation/flightgear-2016.4.4: route manager is able to overwrite arb...

Status:	RESOLVED FIXED

Alias:	CVE-2016-9956

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://seclists.org/oss-sec/2016/q4/674
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	605386
Blocks:
	Show dependency tree

Reported:	2016-12-14 16:40 UTC by ingrix
Modified:	2017-01-14 14:10 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	=games-simulation/flightgear-2016.4.4 =games-simulation/flightgear-data-2016.4.4 =dev-games/simgear-2016.4.4
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ingrix 2016-12-14 16:40:30 UTC

The route manager in flightgear is able to overwrite arbitrary files that a user has write access to, which can lead to possible code execution.  A CVE has been requested for this issue but is not yet assigned.  This issue supposedly affects any version of flightgear released after 2009 and includes versions 3.4.0 and 2016.3.1 which are available in the gentoo repo.

An upstream patch is available at https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/log/

More information is available via the debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848114

Reproducible: Didn't try

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-09 00:43:18 UTC

@ Arches,

please test and mark stable:

=games-simulation/flightgear-2016.4.4
=games-simulation/flightgear-data-2016.4.4

Comment 2 Stabilization helper bot gentoo-dev

2017-01-10 05:48:06 UTC

An automated check of this bug failed - repoman reported dependency errors (49 lines truncated): 

> dependency.bad games-simulation/flightgear/flightgear-2016.4.4.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~dev-games/simgear-2016.4.4']
> dependency.bad games-simulation/flightgear/flightgear-2016.4.4.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~dev-games/simgear-2016.4.4']
> dependency.bad games-simulation/flightgear/flightgear-2016.4.4.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~dev-games/simgear-2016.4.4']

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-10 13:37:11 UTC

@ Arches,

please also stabilize required =dev-games/simgear-2016.4.4

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2017-01-11 13:34:17 UTC

Please re-CC arches when the dependent build failure is fixed.

Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-11 18:04:55 UTC

(In reply to Aaron Bauman from comment #4)
> Please re-CC arches when the dependent build failure is fixed.

@ Arches,

please try again.

Comment 6 Agostino Sarubbo gentoo-dev

2017-01-13 14:35:59 UTC

amd64 stable

Comment 7 Agostino Sarubbo gentoo-dev

2017-01-13 15:43:34 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 8 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2017-01-14 01:34:12 UTC

commit d57e2633cf40bec897c0baa75b9cb58225caa2f2
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jan 14 02:32:57 2017

    dev-games/simgear: Security cleanup (bug #602658).

    Package-Manager: Portage-2.3.3, Repoman-2.3.1

commit ef2f2cb70285466776f4dd10718fb0851956c31c
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jan 14 02:30:52 2017

    games-simulation/flightgear-data: Security cleanup (bug #602658).

    Package-Manager: Portage-2.3.3, Repoman-2.3.1

commit 8170f20931e723b17be2916cefbcccf71691706d
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jan 14 02:29:44 2017

    games-simulation/flightgear: Security cleanup (bug #602658).

    Package-Manager: Portage-2.3.3, Repoman-2.3.1

Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-14 14:10:49 UTC

GLSA Vote: No

Repository is clean, all done.