Bug 11852 - openttd new security issue CVE-2013-6411
Summary: openttd new security issue CVE-2013-6411
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA3-64-OK MGA3-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-12-02 16:38 CET by David Walser
Modified: 2013-12-06 23:03 CET (History)
3 users (show)

See Also:
Source RPM: openttd-1.3.2-1.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-12-02 16:38:30 CET 
A CVE was allocated for a security issue in openttd on November 29:
http://openwall.com/lists/oss-security/2013/11/29/3

The issue is fixed upstream in 1.3.3 and there's a patch linked from the upstream advisory:
http://security.openttd.org/en/CVE-2013-6411

Mageia 3 is also affected.

Reproducible: 

Steps to Reproduce:
David Walser 2013-12-02 16:38:40 CET

Whiteboard: (none) => MGA3TOO

Comment 1 Jani Välimaa 2013-12-02 19:16:22 CET 
Requested freeze push for Cauldron and pushed 1.3.3 to core/updates_testing for mga3.

QA team, please test new release [1] for mga3. Steps to reproduce are in upstream security tracker (link in comment 0). There're also other fixes [2] in this new release.


[1] openttd-1.3.3-1.mga3
[2] http://gb.binaries.openttd.org/binaries/releases/1.3.3/changelog.txt

Assignee: jani.valimaa => qa-bugs

Comment 2 David Walser 2013-12-02 19:27:00 CET 
Thanks Jani!

Advisory:
========================

Updated openttd package fixes security vulnerability:

A missing validation in OpenTTD before 1.3.3 allows remote attackers to cause
a denial of service (crash) by forcefully crashing aircraft near the corner of
the map. This triggers a corner case where data outside of the allocated map
array is accessed (CVE-2013-6411).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6411
http://openwall.com/lists/oss-security/2013/11/28/17
http://security.openttd.org/en/CVE-2013-6411
http://gb.binaries.openttd.org/binaries/releases/1.3.3/changelog.txt
========================

Updated packages in core/updates_testing:
========================
openttd-1.3.3-1.mga3

from openttd-1.3.3-1.mga3.src.rpm

Version: Cauldron => 3
Whiteboard: MGA3TOO => (none)

Comment 3 Dave Hodgins 2013-12-02 20:41:23 CET 
Advisory 11852.adv committed to svn.

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 4 Dave Hodgins 2013-12-02 21:32:33 CET 
Testing complete on Mageia 3 i586 and x86_64.

Someone from the sysadmin team please push 11852.adv to updates.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 5 David Walser 2013-12-02 21:40:18 CET 
Just a reminder that this needs pushed in Cauldron first.
Comment 6 David Walser 2013-12-03 23:40:04 CET 
openttd-1.3.3-1.mga4 submitted for Cauldron.
Comment 7 Thomas Backlund 2013-12-06 23:03:45 CET 
Update pusned:
http://advisories.mageia.org/MGASA-2013-0363.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.