Debian Security Advisory
DSA-5075-1 minetest -- security update
- Date Reported:
- 14 Feb 2022
- Affected Packages:
- minetest
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 1004223.
In Mitre's CVE dictionary: CVE-2022-24300, CVE-2022-24301. - More information:
-
Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest server or if user input is passed directly to minetest.deserialize without serializing it first, then a malicious user could run Lua code in the server environment.
For the oldstable distribution (buster), these problems have been fixed in version 0.4.17.1+repack-1+deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 5.3.0+repack-2.1+deb11u1.
We recommend that you upgrade your minetest packages.
For the detailed security status of minetest please refer to its security tracker page at: https://security-tracker.debian.org/tracker/minetest