Security update for gnuchess
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:2888-1
Final
1
1
2016-11-23T10:06:04Z
current
2016-11-23T10:06:04Z
2016-11-23T10:06:04Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for gnuchess
This update for gnuchess fixes a security issue:
- CVE-2015-8972: specially crafted user input may have caused gnuchess to
crash (boo#1010143)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2016-11/msg00105.html
E-Mail link for openSUSE-SU-2016:2888-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.1
openSUSE Leap 42.2
gnuchess-6.2.1-5.1
gnuchess-6.2.1-5.1 as a component of openSUSE Leap 42.1
gnuchess-6.2.1-5.1 as a component of openSUSE Leap 42.2
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.
CVE-2015-8972
openSUSE Leap 42.1:gnuchess-6.2.1-5.1
openSUSE Leap 42.2:gnuchess-6.2.1-5.1
low
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-11/msg00105.html
https://www.suse.com/security/cve/CVE-2015-8972.html
CVE-2015-8972
https://bugzilla.suse.com/1010143
SUSE Bug 1010143