[SECURITY] [DLA 4035-1] flightgear security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4035-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Dr. Tobias Quathamer
January 29, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : flightgear
Version : 1:2020.3.6+dfsg-1+deb11u1
CVE ID : CVE-2025-0781
A security vulnerability has been discovered in flightgear, a flight
simulator.
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily
write to any file path that the user has permission to modify at the
operating-system level.
For Debian 11 bullseye, this problem has been fixed in version
1:2020.3.6+dfsg-1+deb11u1.
We recommend that you upgrade your flightgear packages.
For the detailed security status of flightgear please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/flightgear
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAmeaix0ACgkQEwLx8Dbr
6xkv8g/9FW4LphWQzEOlVy3blMGBh2vIog+zNHqGYSC39SnktxUWSpyvWqd1MzEG
9EcQdEZygfwQtwyH+ZdYtO3A9AEBkEt/IW3UI1aWtE7A9rrx6yDC/fIpC5zfInPQ
X4i0ghCNNewNNCnUDtZ9AV+x2iw3DGJ7B6jV4FLDwQp+PLJfh6wjDu/haL6fLOPv
FkruZwIpyhmA9rXoZlzeqMgzy6Hw7CDeD0UE5fAFMryt57RzYfr0z1qfM4H/ArFk
RbVVnX9VnI/m4QzTkNzUR+VF8FWohQ1fvTVkr4G7cVqblTf26+bT+AalF0m5D4TK
8goQp5ernQsZwk4OeFbjzKK3bo6MJEeDgQCrhtH2UOxAcoLpLrfXAASqPodL88ph
Hn4relkqMCm6f86LIIvu2U9czDzV2Xm9lfLN33cVL08+faC8rdZSSMVrZG5Sq75Y
f/VyNDkOve9A8MrkJs72Psoch72SzlGaJfn7fn5Mo1TtxLVzFdfeMuo4IfFx6lYX
Yb4Elmxy3G4aCyB5jemmjr52I1tnYJKvgyODjB5YoPWpv3u4AMOvc2042Cpa4wJG
R7QaD2i3nIIn0FqQjNKx+vXrkdEspSBQqwHABfSvmvg6z7OXAbRwDUR6U7UbHH9V
ocd/f6XXdKIpL/p4v27Zdupt72bIiPxWEG6EZyks9vZv0pfTEYM=
=vk3p
-----END PGP SIGNATURE-----
Reply to: