Mandriva Linux Security Advisory : freeciv (MDVSA-2010:205)
Critical Nessus Plugin ID 50008
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in freeciv :
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions (CVE-2010-2445).
The updated packages have been upgraded to v2.2.1 which is not vulnerable to this issue.
SolutionUpdate the affected freeciv-client, freeciv-data and / or freeciv-server packages.