Upstream for teeworlds has announced a security fix for teeworlds-server [1]: "As a result of a recently reported security vulnerability in the server, this release contains little updates. [...] Fix the above-mentioned security vulnerability (Memory reads, Segmentation Fault) in all 0.6.x servers." [1] https://www.teeworlds.com/forum/viewtopic.php?id=11200 Reproducible: Steps to Reproduce:
I packaged teeworlds 0.6.3 (the security fix release) for Mageia 4. Since this is a leaf package (game) and provides networking features, I chose to update to the latest release instead of trying to patch the 0.6.1 version of Mageia 4. Note that the patch seems trivial [1] so if someone is against the version update, I can also revert my changes and patch version 0.6.1. A CVE request has been filed [2]. Fedora has issued an update but seems not to like writing advisories [3]. Increasing the severity as per Debian's bug report [4]. [1] https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85 [2] http://seclists.org/oss-sec/2014/q4/790 [3] https://admin.fedoraproject.org/updates/FEDORA-2014-15670/teeworlds-0.6.3-1.fc21 [4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770514
Assignee: bugsquad => qa-bugsSeverity: normal => major
Suggested advisory: =================== A security flaw was found in the teeworlds server prior to 0.6.3 where an incorrect offset check could enable an attacker to read the memory or trigger a segmentation fault. The teeworlds package in Mageia 4 has been update to version 0.6.3, thus providing the fix for this security flaw and a number of additional bug fixes and new features as listed in the referenced changelogs. References: ----------- - https://www.teeworlds.com/forum/viewtopic.php?id=10330 - https://www.teeworlds.com/forum/viewtopic.php?id=11200 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770514 SRPMs in core/updates_testing: ------------------------------ - teeworlds-0.6.3-1.mga4 RPMs in core/updates_testing: ------------------------------ - teeworlds-0.6.3-1.mga4 - teeworlds-server-0.6.3-1.mga4 - teeworlds-data-0.6.3-1.mga4.noarch
Note that the security flaw affected the teeworlds-server package (and the corresponding teeworlds-srv binary), so it would be nice to make sure that it is still possible to setup a teeworlds server, and play on it with the client. Since this update also provides new features and bug fixes, the teeworlds client should also be tested against obvious regressions.
Testing on Mageia4-64 real HW With current packages : --------------------- - teeworlds-0.6.1-5.mga3.x86_64 - teeworlds-data-0.6.1-5.mga3.x86_64 - teeworlds-server-0.6.1-5.mga3.x86_64 Launched teeworlds (client) Could play online Stopped teeworlds In ~/.teeworlds, created a config file named server_default.cfg : sv_name myserver password mypassword sv_rcon_password myadminpassword sv_port 8303 sv_gametype dm sv_warmup 10 sv_map dm1 sv_maprotation dm1 dm2 dm6 sv_max_clients 8 sv_scorelimit 20 sv_tournament_mode 0 sv_motd Bienvenu ! sv_powerups 1 sv_timelimit 0 sv_spectator_slots 0 In firewall, authorized port 8303 (udp and tcp) In terminal : $ teeworlds-srv -f ~/.teeworlds/server_default.cfg after several messages : [5478d5e4][game]: start round type='DM' teamplay='0' Launched teeworld client in menu, could connect to my lan server using password set up in config file. Could play the game. Stopped the server (Ctrl-C) Updated to testing packages : --------------------------- teeworlds 0.6.3 1.mga4 x86_64 teeworlds-data 0.6.3 1.mga4 noarch teeworlds-server 0.6.3 1.mga4 x86_64 Could play the game on internet To launch the server, former command didn't work. Changed it to : $ /usr/games/teeworlds-srv -f ~/.teeworlds/server_default.cfg which launched the server OK Could connect on lan and play the game OK
CC: (none) => olchalWhiteboard: (none) => MAG4-64-OK
Whiteboard: MAG4-64-OK => MGA4-64-OK
Thanks for the detailed procedure Olivier. It's a bit strange though that you had to start teeworlds-srv with the full path, /usr/games should be in your PATH. Could you check `echo $PATH' and also the contents of /etc/profile? It should have something along those lines: if [ "$UID" -ge 500 ] ; then if ! echo ${PATH} |grep -q /usr/games ; then PATH=$PATH:/usr/games fi fi
Whiteboard: MGA4-64-OK => has_procedure MGA4-64-OK
Sorry, I just had to reboot and now I can launch it without giving the full path.
I guess it is because the path to teeworlds-server has changed : on teeworlds-server-0.6.1-5 it was in /usr/bin and now it's in /usr/games.
Ok good, I guess closing your terminal and opening a new one would have done the trick too.
Tested on Mageia4-32 realhardware following procedure in Comment 4. From : teeworlds 0.6.1-5.mga3 teeworlds-data 0.6.1-5.mga3 teeworlds-server 0.6.1-5.mga3 To : teeworlds-0.6.3-1.mga4 teeworlds-data-0.6.3-1.mga4 teeworlds-server-0.6.3-1.mga4 This time, restarted terminal to relaunch teeworlds-server as advised by Remy. All OK
Whiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK MGA4-32-OK
Advisory uploaded.
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure MGA4-64-OK MGA4-32-OK advisory
Validating. Please push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0502.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: https://www.teeworlds.com/forum/viewtopic.php?id=11200 => http://lwn.net/Vulnerabilities/624082/