Has GOG Galaxy been patched yet to get rid of old versions of SQLite in its installation, and eradicate this vulnerability?

https://www.slashgear.com/sqlite-magellan-bug-affects-chrome-based-browsers-thousands-of-apps-16558106/



Directory of C:\Program Files (x86)\GOG Galaxy

13/12/2018 15:08 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\ProgramData\GOG.com\Galaxy\redists

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\ProgramData\GOG.com\Galaxy\temp\desktop-galaxy-updater

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\Users\All Users\GOG.com\Galaxy\redists

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\Users\All Users\GOG.com\Galaxy\temp\desktop-galaxy-updater

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes
How should we know? We're not devs and file sizes won't tell us jack squat.
Does Galaxy even allow you to visit other websites aside from gog.com? If not, how is a potential attacker supposed to exploit this bug?
immi101: Does Galaxy even allow you to visit other websites aside from gog.com? If not, how is a potential attacker supposed to exploit this bug?
I don't think so, but even if it can only load GOG.com, it may still be dangerous. I seem to remember that there was an issue with script injections in the community wishlist and given how laissez-faire GOG has been with the website, I don't find it a very remote possibility that another such bug would exist somewhere on the ‮:etis
Post edited December 19, 2018 by Lillesort131
Darvond: How should we know? We're not devs and file sizes won't tell us jack squat.
I have also submitted a support request, pointing the devs here at this topic if they wish to assure everyone publicly that they know about it and any measures being / needing done.

I think it's a question needs answered and preferably for all of us publicly, not just to satisfy my own private question to GOG support.

And it's not like the information is not public already, just google SQLite Magellan
Post edited December 20, 2018 by alt3rn1ty
alt3rn1ty: I have also submitted a support request, pointing the devs here at this topic if they wish to assure everyone publicly that they know about it and any measures being / needing done.

I think it's a question needs answered and preferably for all of us publicly, not just to satisfy my own private question to GOG support.
Well, more informative would be the SHA fingerprints.
Hello everyone,

I would like to let you know that we are aware of this problem and I can assure you we are actively working to patch it as soon as possible.
Unfortunately I'm not able to provide any ETA at this moment.
Cwaniak: Hello everyone,

I would like to let you know that we are aware of this problem and I can assure you we are actively working to patch it as soon as possible.
Unfortunately I'm not able to provide any ETA at this moment.
Thank you Cwaniak, I am happy for the support ticket to be closed now the developers are on it (I forgot to tick the little box which says close the issue).

Happy holidays.