Copied from advisory: The network code doesn't verify the correctness of the 16 bit number containing the size of the entire data block received from the network. If an attacker sends the number 0x0000 (the minimum should be 0x0002) the game enters in an endless loop and nobody can play.
PoC: http://aluigi.altervista.org/poc/panzone.zip
Fix in SVN: http://developer.berlios.de/svn/?group_id=1250
Games herd, please provide a patched ebuild. Thanks.
Created attachment 63354: netpanzer-0.8-min-size-check.patch
upstream svn rewrote the network code completely and it's incompatible with the 0.8 release :/ going by the useful technical info in the advisory, I've created a small fix against 0.8 which seems to fix the issue ... that is, I was able to make netpanzer eat up 100% cpu w/out the patch but not w/the patch
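For readers unfamiliar with this bug class, here is an added example (not the attached patch and not netPanzer code) of a length-prefixed block reader that rejects a 16-bit size below 2 before advancing. The function names, the little-endian byte order and the assumption that the size field counts its own two bytes are illustrative, not taken from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2u  /* the 16-bit size field counts itself (assumption) */
enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_BAD_SIZE };

/* Inspect the start of buf; on FRAME_OK, *len is the whole block length. */
static enum frame_status next_frame(const uint8_t *buf, size_t avail, size_t *len)
{
    if (avail < HDR_LEN)
        return FRAME_NEED_MORE;
    size_t size = (size_t)buf[0] | ((size_t)buf[1] << 8); /* little-endian assumed */
    if (size < HDR_LEN)
        return FRAME_BAD_SIZE;  /* 0x0000 or 0x0001: the read offset would never advance */
    if (size > avail)
        return FRAME_NEED_MORE;
    *len = size;
    return FRAME_OK;
}

/* Consume every complete block. Returns the block count, or -1 on a bad size
 * field (caller should drop the peer). *consumed = bytes safely used. */
static int drain_frames(const uint8_t *buf, size_t avail, size_t *consumed)
{
    size_t off = 0, len = 0;
    int count = 0;
    enum frame_status st;
    while ((st = next_frame(buf + off, avail - off, &len)) == FRAME_OK) {
        /* payload is buf[off + HDR_LEN .. off + len); dispatch would go here */
        off += len;  /* len >= 2, so every pass makes progress */
        count++;
    }
    *consumed = off;
    return st == FRAME_BAD_SIZE ? -1 : count;
}

int main(void)
{
    /* constructed input: one valid 3-byte block, then a size field of 0x0000 */
    const uint8_t sample[] = { 0x03, 0x00, 0x11, 0x00, 0x00 };
    size_t used = 0;
    int n = drain_frames(sample, sizeof sample, &used);
    printf("blocks=%d consumed=%zu\n", n, used);
    return 0;
}
```

Without the `size < HDR_LEN` check, a size of zero leaves `off` unchanged and the loop spins on the same bytes, which matches the 100% CPU symptom reported above.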
so 0.8-r1 is now in portage and amd64/x86 stable (which are the only arches which had a stable version < 0.8-r1)
This one is ready for GLSA decision. I vote NO.
I'm voting no, too. Closing bug, reopen if my vote doesn't count since I'm only on probation.