Bug 23820 - teeworlds new security issue CVE-2018-18541
Summary: teeworlds new security issue CVE-2018-18541
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-11-08 17:39 CET by David Walser
Modified: 2018-11-15 23:05 CET

See Also:
Source RPM: teeworlds-0.6.4-3.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 0.6.5



Description David Walser 2018-11-08 17:39:30 CET
Debian has issued an advisory on October 28:
https://www.debian.org/security/2018/dsa-4329

Mageia 6 is also affected.
David Walser 2018-11-08 17:39:38 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-11-08 19:30:18 CET
Fedora has issued an advisory for this on October 31:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QDDT3SVGR3NGVGFDQGXISYRJZLF7FYOS/

The issue is fixed upstream in 0.6.5.

Status comment: (none) => Fixed upstream in 0.6.5

Rémi Verschelde 2018-11-08 20:35:17 CET

Status: NEW => ASSIGNED

Comment 2 Rémi Verschelde 2018-11-09 14:16:49 CET
Fixed in Cauldron with teeworld-0.6.5-1.mga7.

Pushed the same version for Mageia 6:

Advisory:
=========

Updated teeworlds packages fix security vulnerability

  It was discovered that incorrect connection setup in the server for Teeworlds,
  an online multi-player platform 2D shooter, could result in denial of service
  via forged connection packets (rendering all game server slots occupied)
  (CVE-2018-18541). This update fixes it.

References:
 - https://www.debian.org/security/2018/dsa-4329
 - https://www.teeworlds.com/?page=news&id=12544
 - https://github.com/teeworlds/teeworlds/commits/0.6.5-release

RPMs in core/updates_testing:
=============================

teeworlds-0.6.5-1.mga6
teeworlds-data-0.6.5-1.mga6
teeworlds-server-0.6.5-1.mga6

SRPM in core/updates_testing:
=============================

teeworlds-0.6.5-1.mga6

Assignee: rverschelde => qa-bugs
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 3 Herman Viaene 2018-11-14 13:45:44 CET
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Tried to play locally, so started server as normal user.
Remark: the command teeworld-srv is not available to root.
You have to let port 8303/udp thru the firewall.

$ teeworlds-srv 
[5bec1483][engine]: running on unix-linux-ia32
[5bec1483][engine]: arch is little endian
[5bec1483][storage]: couldn't open storage.cfg
[5bec1483][storage]: using standard paths
and more .... but also
failed to create socket with domain 10 and type 2 (97 'Address family not supported by protocol')
but it goes on
 server name is 'unnamed server'
[5bec1483][datafile]: loading data index=17 size=325 uncompressed=12000
[5bec1483][server]: version 0.6 e42d81cd67b8c7bc
[5bec1483][engine/mastersrv]: refreshing master server addresses
[5bec1483][register]: refreshing ip addresses
[5bec1483][engine/mastersrv]: saving addresses
[5bec1483][register]: fetching server counts
[5bec1486][register]: chose 'master4.teeworlds.com' as master, sending heartbeats

at that point I started the client - see below
[5bec14aa][server]: player is ready. ClientID=0 addr=192.168.2.6:63117
[5bec14ab][server]: 'nameless tee' -> 'nameless tee'
[5bec14ab][server]: player has entered the game. ClientID=0 addr=192.168.2.6:63117
[5bec14ab][chat]: *** 'nameless tee' entered and joined the game
[5bec14ab][game]: team_join player='0:nameless tee' team=0
Choosing the master does not give anything because my router does not let thru port 8303
Playing the client:
$ teeworlds
[5bec149c][engine]: running on unix-linux-ia32
[5bec149c][engine]: arch is little endian
[5bec149c][storage]: couldn't open storage.cfg
[5bec149c][storage]: using standard paths
[5bec149c][storage]: added path '$USERDIR' ('/home/tester6/.teeworlds')
[5bec149c][storage]: added path '$DATADIR' ('/usr/share/teeworlds/data')
[5bec149c][storage]: added path '$CURRENTDIR' ('/home/tester6')
[5bec149c][binds]: bound f1 (282) = toggle_local_console
[5bec149c][binds]: bound f2 (283) = toggle_remote_console
and more.... but again
failed to create socket with domain 10 and type 2 (97 'Address family not supported by protocol')
[5bec149d][net]: failed to create socket with domain 10 and type 2 (97 'Address family not supported by protocol')
The first config is choosing a username, and then you get a list of available servers on the internet. Click on the LAN tab and select your local server.
At last a playing screen opens where a little I-don't-know-what follows the mouse movements with its guns and fires when you click.
That's more than I am really interested in, so <Escape> and quit
Fair enough for me.
but at least the playing screen opens and you have a little I-don't-know-what that follow the mouse mov

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

Comment 4 Lewis Smith 2018-11-14 20:50:45 CET
Thanks Herman for doing battle!
Advisory from comment 2; validating.

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 5 Mageia Robot 2018-11-15 23:05:42 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0450.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

