Summary: | <games-simulation/openttd-1.2.0 Denial of Service (CVE-2012-{0048,0049}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sean Amoss (RETIRED) <ackle> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | games |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2012/01/07/2 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 412329 | ||
Bug Blocks: |
Description
Sean Amoss (RETIRED)
2012-01-08 16:07:46 UTC
@games: This is fixed in 1.1.5 released last month. Please provide an updated ebuild. Hi, I tested in https://bugs.gentoo.org/show_bug.cgi?id=396185 and only version bump of the ebuild and one patch file is needed. I also made a ebuild for 1.2_RC1 1.2.0 added to main tree now by me. @security: Do your magic lads :) Thanks, Tomáš. Arches, please test and mark stable: =games-simulation/openttd-1.2.0 Target KEYWORDS="amd64 ppc x86" amd64 stable Adding opengfx to the list as it seems that with the old one it likes to crash. =games-util/nml-0.2.3 =games-misc/opengfx-0.4.4 =games-simulation/openttd-1.2.0 Adding back amd64 as I had to prune the stabling due to breaking depgraph. x86 stable, thanks amd64 stable arm passes drop to ~ppc; ppc64 passes Thanks, folks. GLSA Vote: no. GLSA vote: no. CVE-2012-0048 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0048): OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. |