From $URL:
<--
When a client disconnects without sending the "quit" or "client error" message, the server has a chance of reading and writing a just freed piece of memory. The chance depends on when the disconnect is noticed, whether OpenTTD can write to the socket, and whether there are packets from the client waiting to be processed. The writing can only happen while the server is sending the map.
For clients there is a chance that, upon reconnect after being disconnected during the join process, a just freed piece of memory is read.
Depending on what happens directly after freeing the memory there is a chance that a segmentation fault, and thus a denial of service, will occur.
The attached patch does not change network compatibility at all.
<--
Upstream indicates this is fixed in 1.0.5.
Created attachment 254707
patch from http://security.openttd.org/en/patch/28.patch
(In reply to comment #0)
> The attached patch does not change network compatibility at all.
=games-simulation/openttd-1.0.5 was added to the tree thanks to bug 346229. Mr_bones_, or the games herd, if you don't mind removing this from package.mask, we will call for stabilization.
# Michael Sterrett <mr_bones_@gentoo.org> (17 Nov 2010)
# Security mask for bug #345691
games-simulation/openttd
Thank you.
The version is now unmasked. CC arches as you see fit.
Maybe stabilize 1.0.5?
Thanks, folks. Arches, please test and mark stable:
=games-simulation/openttd-1.0.5
Target keywords : "amd64 ppc ppc64 x86"
x86 stable
ppc done
ppc64 done
AMD64 done
amd64 done. Thanks Blain
GLSA Vote: yes.
Vote: NO (it's just a game, and only DOS).
DoS in a game is hardly a security issue so GLSA Vote: no -> Closing. Feel free to reopen if you disagree.