Bug 17439

Summary: Security and bugfix update for Armagetron Advanced
Product: Mageia Reporter: Rémi Verschelde <rverschelde>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: lists.jjorge, sysadmin-bugs, tarazed25
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/671466/
Whiteboard: MGA5-64-OK MGA5-32-OK advisory
Source RPM: armagetron-0.2.8.3.2-7.mga6 CVE:
Status comment:

Description Rémi Verschelde 2016-01-03 17:54:10 CET 
Looks like we missed a security and bugfix update for armagetron back in February 2015: http://armagetronad.org/index.php

I'll push it to cauldron and then mga5.

Reproducible: 

Steps to Reproduce:
Rémi Verschelde 2016-01-03 17:54:24 CET

Whiteboard: (none) => MGA5TOO
CC: (none) => lists.jjorge

Comment 1 Rémi Verschelde 2016-01-03 18:02:24 CET 
Package pushed to cauldron and Mageia 5 core/updates_testing.

Advisory:
=========

Updated armagetron package fixes security vulnerabilities

  A practically exploitable bug was fixed in the network error handling.
  In client mode, any received packet that causes an exception during
  processing would terminate the connection to the server.

  Another theoretically exploitable bug was fixed that allowed very short UDP
  packets to cause a memory reading beyond the input buffer.

  Several non-exploitable crash bugs and one pathological camera behavior
  were also fixed.

References:
 - http://sourceforge.net/projects/armagetronad/files/stable/0.2.8.3.3/releasenotes.txt/download

RPM:
====
armagetron-0.2.8.3.3-1.mga5

SRPM:
=====
 - armagetron-0.2.8.3.3-1.mga5

Hardware: i586 => All
Assignee: rverschelde => qa-bugs
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 2 Len Lawrence 2016-01-03 23:35:58 CET 
mga5  x86_64  Mate

Installed the game and launched it from the command line to see what it was about.  I still have no idea but there were a lot of settings and activity on the screen.

Updated it from Core Updates Testing and tried to run it from the command line.  That froze the terminal and the process had to be killed from another terminal.  However it launched OK to fullscreen when invoked from the games menu.  The action looked the same except that the walls were drawn by high-speed tractors this time.

It would appear to be working, with no regressions.

CC: (none) => tarazed25

Len Lawrence 2016-01-03 23:36:27 CET

Whiteboard: (none) => MGA5-64-OK

Comment 3 José Jorge 2016-01-05 20:37:41 CET 
mga5 i586 Kde4

All is ok also here.

Status: NEW => ASSIGNED
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK

José Jorge 2016-01-05 20:39:11 CET

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

Rémi Verschelde 2016-01-05 21:05:39 CET

Whiteboard: MGA5-64-OK MGA5-32-OK advisory => MGA5-64-OK MGA5-32-OK

Comment 4 Rémi Verschelde 2016-01-05 21:07:20 CET 
Advisory uploaded.

Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

Comment 5 Mageia Robot 2016-01-09 18:18:09 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0003.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-01-11 21:22:19 CET

URL: http://armagetronad.org/index.php => http://lwn.net/Vulnerabilities/671466/