Debian has issued an advisory on October 28: https://www.debian.org/security/2018/dsa-4329 Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Fedora has issued an advisory for this on October 31: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QDDT3SVGR3NGVGFDQGXISYRJZLF7FYOS/ The issue is fixed upstream in 0.6.5.
Status comment: (none) => Fixed upstream in 0.6.5
Status: NEW => ASSIGNED
Fixed in Cauldron with teeworld-0.6.5-1.mga7. Pushed the same version for Mageia 6: Advisory: ========= Updated teeworlds packages fix security vulnerability It was discovered that incorrect connection setup in the server for Teeworlds, an online multi-player platform 2D shooter, could result in denial of service via forged connection packets (rendering all game server slots occupied) (CVE-2018-18541). This update fixes it. References: - https://www.debian.org/security/2018/dsa-4329 - https://www.teeworlds.com/?page=news&id=12544 - https://github.com/teeworlds/teeworlds/commits/0.6.5-release RPMs in core/updates_testing: ============================= teeworlds-0.6.5-1.mga6 teeworlds-data-0.6.5-1.mga6 teeworlds-server-0.6.5-1.mga6 SRPM in core/updates_testing: ============================= teeworlds-0.6.5-1.mga6
Assignee: rverschelde => qa-bugsVersion: Cauldron => 6Whiteboard: MGA6TOO => (none)
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Tried to play locally, so started server as normal user. Remark. the command teeworld-srv is not available to root. You have to let port 8303/udp thru the firewall. $ teeworlds-srv [5bec1483][engine]: running on unix-linux-ia32 [5bec1483][engine]: arch is little endian [5bec1483][storage]: couldn't open storage.cfg [5bec1483][storage]: using standard paths and more .... but also failed to create socket with domain 10 and type 2 (97 'Address family not supported by protocol') but it goes on server name is 'unnamed server' [5bec1483][datafile]: loading data index=17 size=325 uncompressed=12000 [5bec1483][server]: version 0.6 e42d81cd67b8c7bc [5bec1483][engine/mastersrv]: refreshing master server addresses [5bec1483][register]: refreshing ip addresses [5bec1483][engine/mastersrv]: saving addresses [5bec1483][register]: fetching server counts [5bec1486][register]: chose 'master4.teeworlds.com' as master, sending heartbeats at that point I started the client - see below [5bec14aa][server]: player is ready. ClientID=0 addr=192.168.2.6:63117 [5bec14ab][server]: 'nameless tee' -> 'nameless tee' [5bec14ab][server]: player has entered the game. ClientID=0 addr=192.168.2.6:63117 [5bec14ab][chat]: *** 'nameless tee' entered and joined the game [5bec14ab][game]: team_join player='0:nameless tee' team=0 Choosing the master does not give anything because my router does not let thru port 8303 Playing the client: $ teeworlds [5bec149c][engine]: running on unix-linux-ia32 [5bec149c][engine]: arch is little endian [5bec149c][storage]: couldn't open storage.cfg [5bec149c][storage]: using standard paths [5bec149c][storage]: added path '$USERDIR' ('/home/tester6/.teeworlds') [5bec149c][storage]: added path '$DATADIR' ('/usr/share/teeworlds/data') [5bec149c][storage]: added path '$CURRENTDIR' ('/home/tester6') [5bec149c][binds]: bound f1 (282) = toggle_local_console [5bec149c][binds]: bound f2 (283) = toggle_remote_console and more.... but again failed to create socket with domain 10 and type 2 (97 'Address family not supported by protocol') [5bec149d][net]: failed to create socket with domain 10 and type 2 (97 'Address family not supported by protocol') the first config is choosing a username, and then you get a list of available servers on the internet. Click on the LAN tab and select your local server At last a playing screen opens where a little I-don't-know-what folllows the mouse movements wit its guns and fires when you click. That's more than I am really interested in, so <Escape> and quit Fair enough for me. but at least the playing screen opens and you have a little I-don't-know-what that follow the mouse mov
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Thanks Herman for doing battle! Advisory from comment 2; validating.
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0450.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED