openSUSE-SU-2023:0001-1: important: Security update for minetest
openSUSE Security Update: Security update for minetest
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0001-1
Rating: important
References: #1181400 #1193141 #1202423
Cross-References: CVE-2022-35978
CVSS scores:
CVE-2022-35978 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for minetest fixes the following issues:
Update to version 5.6.0
* Fix CVE-2022-35978 ( boo#1202423 ): Mod scripts can escape sandbox in
single player mode
* `name` in game.conf is deprecated for the game title, use `title`
instead
* Add depth sorting for node faces
* Various bug fixes
* Full changes: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
- Introduced mbranch-protection=none CXX flag to resolve boo#1193141
(aarch64).
Update to version 5.5.0 & 5.5.1:
* Full log for version 5.5.0:
https://dev.minetest.net/Changelog#5.4.0_.E2.86.92_5.5.0
* This release switches from Irrlicht to our own fork called IrrlichtMt.
* Full log for version 5.5.1:
https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.5.1
* This is a maintenance release based on 5.5.0, it contains bugfixes but
no new features.
- Added hardening to systemd service(s) (boo#1181400).
- Update to version 5.4.1:
* This is a maintenance release based on 5.4.0, it contains bugfixes but
no new features.
- Update to version 5.4.0
* Full log: https://dev.minetest.net/Changelog#5.3.0_.E2.86.92_5.4.0
* Removed support for bumpmapping, generated normal maps and parallax
occlusion
* By default, the crosshair will now change to an "X" when pointing to
objects
* Prevent players accessing inventories of other players
* Prevent interacting with items out of the hotbar
* Prevent players from being able to modify ItemStack meta
- Update to version 5.3.0. (see
https://dev.minetest.net/Changelog#5.2.0_.E2.86.92_5.3.0)
* Formspec improvements, including a scrolling GUI element
* Performance improvements to the Server and API
* Many bug fixes and small features
- Now requires desktop-file-utils version >= 0.25.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-1=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2023-1=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
minetest-5.6.0-bp154.2.3.5
minetest-debuginfo-5.6.0-bp154.2.3.5
minetest-debugsource-5.6.0-bp154.2.3.5
minetestserver-5.6.0-bp154.2.3.5
minetestserver-debuginfo-5.6.0-bp154.2.3.5
- openSUSE Backports SLE-15-SP4 (noarch):
minetest-data-5.6.0-bp154.2.3.5
minetest-lang-5.6.0-bp154.2.3.5
- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
minetest-5.6.0-bp153.2.3.1
minetestserver-5.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
minetest-data-5.6.0-bp153.2.3.1
minetest-lang-5.6.0-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-35978.html
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1193141
https://bugzilla.suse.com/1202423
A minetest security update has been released for SUSE Linux Enterprise 15 SP3 and SP4.