-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4034-1 [email protected] https://www.debian.org/lts/security/ Dr. Tobias Quathamer January 29, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : simgear Version : 1:2020.3.6+dfsg-1+deb11u1 CVE ID : CVE-2025-0781 A security vulnerability has been discovered in simgear, a collection of libraries for constructing simulation and visualization applications such as FlightGear. An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. For Debian 11 bullseye, this problem has been fixed in version 1:2020.3.6+dfsg-1+deb11u1. We recommend that you upgrade your simgear packages. For the detailed security status of simgear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/simgear Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAmeaWlYACgkQEwLx8Dbr 6xlICQ/8CW50cL8X0YrOU2bMzPiaIoVNpUMtfqRRZbn15xwNnsUuzbqg/I4VmWJy 6WbREVnL36l6kDLjkFkJeQqmF9314mTMMIDls62EluJFni7qkf9idrAmqGQdIq3P qNZ4ZazOtARrEfhuKRwWcQOMemy9sntDIf74LOwSMJoUyvaVr7yMdA3Fm5owtlun 8ykjDeMGyBzFJYadpgF1gTQehHFDVuZAbQr9IckNHk94du3PjfOftneIls5ISXgk MLx/K3fZwjx1tyDnrMEOzE3MtW3UBQP4zQTXCGcLWbc7+TxJBalTZzsX69yxn4/n 27JtDq59KN6GqRGWyIq+DgYYYVOHLz92vL9eik5T33jq4Uny3yfOHPdlQZlA5+i8 rbe9oAbV3rmG9/rtAgAaoCj6g83mdI5w7CZatihr66jqEAbtxkKm5DkGn2TXGs+d cJKNv9Wb3P6FMZm8snudX3koCWlkKiRDjrU75CUNKan3QTXC5AtBP7sss23VhJK7 KaCwFqu4SGB310gcC1/bNH3cUK3MbC9av+E7TjOheHGOJsfedBjkThkYgdgJxveQ WWucEnsCGhDzeWOKw28bpMBshoExSbRVtPOa22HpIfwUwnqI958liABhPolcIil5 yQ0oRXy3E0iS5/d3Y2GysO6x/xptB/+trC+CRJgjHq7LWj3JE/I= =KGHv -----END PGP SIGNATURE-----
