Bug 17439 - Security and bugfix update for Armagetron Advanced
Summary: Security and bugfix update for Armagetron Advanced
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/671466/
Whiteboard: MGA5-64-OK MGA5-32-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-01-03 17:54 CET by Rémi Verschelde
Modified: 2016-01-11 21:22 CET (History)
3 users (show)

See Also:
Source RPM: armagetron-0.2.8.3.2-7.mga6
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Rémi Verschelde 2016-01-03 17:54:10 CET 
Looks like we missed a security and bugfix update for armagetron back in February 2015: http://armagetronad.org/index.php

I'll push it to cauldron and then mga5.

Reproducible: 

Steps to Reproduce:
Rémi Verschelde 2016-01-03 17:54:24 CET

Whiteboard: (none) => MGA5TOO
CC: (none) => lists.jjorge

Comment 1 Rémi Verschelde 2016-01-03 18:02:24 CET 
Package pushed to cauldron and Mageia 5 core/updates_testing.

Advisory:
=========

Updated armagetron package fixes security vulnerabilities

  A practically exploitable bug was fixed in the network error handling.
  In client mode, any received packet that causes an exception during
  processing would terminate the connection to the server.

  Another theoretically exploitable bug was fixed that allowed very short UDP
  packets to cause a memory reading beyond the input buffer.

  Several non-exploitable crash bugs and one pathological camera behavior
  were also fixed.

References:
 - http://sourceforge.net/projects/armagetronad/files/stable/0.2.8.3.3/releasenotes.txt/download

RPM:
====
armagetron-0.2.8.3.3-1.mga5

SRPM:
=====
 - armagetron-0.2.8.3.3-1.mga5

Hardware: i586 => All
Assignee: rverschelde => qa-bugs
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 2 Len Lawrence 2016-01-03 23:35:58 CET 
mga5  x86_64  Mate

Installed the game and launched it from the command line to see what it was about.  I still have no idea but there were a lot of settings and activity on the screen.

Updated it from Core Updates Testing and tried to run it from the command line.  That froze the terminal and the process had to be killed from another terminal.  However it launched OK to fullscreen when invoked from the games menu.  The action looked the same except that the walls were drawn by high-speed tractors this time.

It would appear to be working, with no regressions.

CC: (none) => tarazed25

Len Lawrence 2016-01-03 23:36:27 CET

Whiteboard: (none) => MGA5-64-OK

Comment 3 José Jorge 2016-01-05 20:37:41 CET 
mga5 i586 Kde4

All is ok also here.

Status: NEW => ASSIGNED
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK

José Jorge 2016-01-05 20:39:11 CET

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

Rémi Verschelde 2016-01-05 21:05:39 CET

Whiteboard: MGA5-64-OK MGA5-32-OK advisory => MGA5-64-OK MGA5-32-OK

Comment 4 Rémi Verschelde 2016-01-05 21:07:20 CET 
Advisory uploaded.

Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

Comment 5 Mageia Robot 2016-01-09 18:18:09 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0003.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-01-11 21:22:19 CET

URL: http://armagetronad.org/index.php => http://lwn.net/Vulnerabilities/671466/
Note You need to log in before you can comment on or make changes to this bug.