Bug 6565

Summary: tremulous security issues CVE-2010-5077, CVE-2011-2764 and CVE-2011-3012
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: lists.jjorge, stormi-mageia, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/488838/
Whiteboard: MGA1-32-OK MGA1-64-OK
Source RPM: tremulous-1.2.0-0.beta1.1.1.mga1.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 5496    

Description David Walser 2012-06-25 15:50:21 CEST 
José Jorge has submitted a patched package to updates_testing to fix these.

Advisory to come later.
David Walser 2012-06-25 15:50:35 CEST

CC: (none) => lists.jjorge

Comment 1 David Walser 2012-06-25 15:51:44 CEST 
tremulous-1.2.0-0.beta1.1.2.mga1 is the updated package (RPM and SRPM).
David Walser 2012-06-25 15:51:59 CEST

Blocks: (none) => 5496

Comment 2 David Walser 2012-06-25 16:02:26 CEST 
Advisory:
========================

Updated tremulous package fixes security vulnerabilities:

It has been discovered that spoofed "getstatus" UDP requests are being
sent by attackers to servers for use with games derived from the
Quake 3 engine (such as openarena).  These servers respond with a
packet flood to the victim whose IP address was impersonated by the
attackers, causing a denial of service (CVE-2010-5077).

The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the
ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin'
Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly
determine dangerous file extensions, which allows remote attackers to
execute arbitrary code via a crafted third-party addon that creates a
Trojan horse DLL file (CVE-2011-2764).

The ioQuake3 engine, as used in World of Padman 1.2 and earlier,
Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for
dangerous file extensions before writing to the quake3 directory,
which allows remote attackers to execute arbitrary code via a crafted
third-party addon that creates a Trojan horse DLL file (CVE-2011-3012).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3012
http://www.debian.org/security/2012/dsa-2442
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078387.html
Comment 3 Samuel Verschelde 2012-07-05 21:30:29 CEST 
Tested i586. Game starts, could play a game without obvious regression.

Whiteboard: (none) => MGA1-32-OK

Comment 4 Samuel Verschelde 2012-07-08 13:54:17 CEST 
Tested x86_64. Update validated.

See comment #1 and comment #2 for SRPM and advisory.

Keywords: (none) => validated_update
CC: (none) => stormi, sysadmin-bugs
Whiteboard: MGA1-32-OK => MGA1-32-OK MGA1-32-OK

Samuel Verschelde 2012-07-08 14:03:37 CEST

Whiteboard: MGA1-32-OK MGA1-32-OK => MGA1-32-OK MGA1-64-OK

Comment 5 Thomas Backlund 2012-07-09 23:58:34 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0148

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED