Debian has issued an advisory on August 6:
http://www.debian.org/security/2012/dsa-2524
Mageia 1 and 2 are affected by CVE-2012-3436. Mageia 2 is probably not affected by CVE-2012-0049, which was fixed in 1.1.5.
CVE-2012-0049 was also previously fixed in a Fedora advisory from January 17:
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072508.html
Another "slow read attack" was fixed in that update as well, which was also fixed upstream in 1.1.5. There doesn't seem to be an upstream commit link for that one, so for Mageia 1 it might be best to update to 1.1.5.
For the CVEs, there are links to the upstream commits in the Red Hat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=782179
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3436
CC: (none) => jani.valimaa
Whiteboard: (none) => MGA2TOO, MGA1TOO
Pushed new release to mga2 core/updates_testing which fixes CVE-2012-3436.
[1] openttd-1.2.1-2.mga2
See also: http://security.openttd.org/en/CVE-2012-3436
CVE-2012-0049 is already fixed in mga1. Pushed new release [1] also to mga1 core/updates_testing which fixes CVE-2012-3436.
[1] openttd-1.1.0-1.3.mga1
Please test new releases from core/updates_testing for mga1 and mga2. New releases fix CVE-2012-3436: Denial of service (server) using ships on half tiles and landscaping.
More info and simple steps to reproduce in upstream security tracker: http://security.openttd.org/en/CVE-2012-3436
Assignee: bugsquad => qa-bugs
Summary: openttd new security issues CVE-2012-0049 and CVE-2012-3436 => openttd new security issues CVE-2012-3436
URL: http://lwn.net/Vulnerabilities/478084/ => http://security.openttd.org/en/CVE-2012-3436
Source RPM: openttd-1.1.0-1.1.mga1.src.rpm => openttd
CC: (none) => stormi
Version: Cauldron => 2
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Testing procedure: try to reproduce the issue following the steps in the link from comment #3 (before and after the update) + make sure you can start a new game, play it for a few minutes, and save/load a game.
Whiteboard: MGA1TOO => MGA1TOO has_procedure
(In reply to comment #2)
> CVE-2012-0049 is already fixed in mga1.
How so? The changelog for the previously issued update only lists:
o CVE-2011-3343 (Multiple buffer overflows in validation of external data)
o CVE-2011-3342 (Buffer overflows in savegame loading)
o CVE-2011-3341 (Denial of service via improperly validated commands)
(In reply to comment #5)
> (In reply to comment #2)
> > CVE-2012-0049 is already fixed in mga1.
>
> How so? The changelog for the previously issued update only lists:
> o CVE-2011-3343 (Multiple buffer overflows in validation of external data)
> o CVE-2011-3342 (Buffer overflows in savegame loading)
> o CVE-2011-3341 (Denial of service via improperly validated commands)
Sun Jan 15 2012 wally <wally> 1.1.0-1.2.mga1
+ Revision: 196505
- fix CVE-2012-0049 (Denial of service (server) via slow read attack)
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #2)
> > > CVE-2012-0049 is already fixed in mga1.
> >
> > How so? The changelog for the previously issued update only lists:
> > o CVE-2011-3343 (Multiple buffer overflows in validation of external data)
> > o CVE-2011-3342 (Buffer overflows in savegame loading)
> > o CVE-2011-3341 (Denial of service via improperly validated commands)
>
> Sun Jan 15 2012 wally <wally> 1.1.0-1.2.mga1
> + Revision: 196505
> - fix CVE-2012-0049 (Denial of service (server) via slow read attack)
Oh whoops, ok I looked at the wrong update :o) Thanks.
Summary: openttd new security issues CVE-2012-3436 => openttd new security issue CVE-2012-3436
I couldn't get the crash to happen, as it wouldn't let me put tracks on a square with part of it in water. As the game is working, with no obvious regressions, I consider testing complete on Mageia 2 i586. Couldn't figure out how to change the font size, despite editing the numbers in ~/.openttd/openttd.cfg, so had to use kmag to be able to read the text. I'll test Mageia 2 x86-64 shortly.
CC: (none) => davidwhodgins
Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure MGA2-32-OK
Testing complete on Mageia 2 x86-64. I'll test Mageia 1 shortly.
Whiteboard: MGA1TOO has_procedure MGA2-32-OK => MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK
Testing complete on Mageia 1 i586 and x86-64.
Could someone from the sysadmin team push the srpm openttd-1.2.1-2.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm openttd-1.1.0-1.3.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.
Advisory: This security update for openttd corrects CVE-2012-0049 (Denial of service (server) via slow read attack).
https://bugs.mageia.org/show_bug.cgi?id=6981
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK => MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK
(In reply to comment #10)
>
> Advisory: This security update for openttd corrects CVE-2012-0049
> (Denial of service (server) via slow read attack).
>
> https://bugs.mageia.org/show_bug.cgi?id=6981
Oopsie, CVE-2012-0049 was fixed earlier.
This security update fixes CVE-2012-3436 (Denial of service (server) using ships on half tiles and landscaping).
(In reply to comment #11)
> (In reply to comment #10)
> >
> > Advisory: This security update for openttd corrects CVE-2012-0049
> > (Denial of service (server) via slow read attack).
> >
> > https://bugs.mageia.org/show_bug.cgi?id=6981
>
> Oopsie, CVE-2012-0049 was fixed earlier.
>
> This security update fixes CVE-2012-3436 (Denial of service (server) using
> ships on half tiles and landscaping).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3436
http://security.openttd.org/en/CVE-2012-3436
http://www.debian.org/security/2012/dsa-2524
Just confirming to sysadmin team, this update is ready to push. I just copied the wrong advisory from above.
Could someone from the sysadmin team push the srpm openttd-1.2.1-2.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm openttd-1.1.0-1.3.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.
Advisory: This security update fixes CVE-2012-3436 (Denial of service (server) using ships on half tiles and landscaping).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3436
http://security.openttd.org/en/CVE-2012-3436
http://www.debian.org/security/2012/dsa-2524
https://bugs.mageia.org/show_bug.cgi?id=6981
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0212
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED