Fedora has issued an advisory on December 19: http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html The issue is fixed upstream in 2.3.3 (which we have in Cauldron). The RedHat bug links the upstream change that fixed it: https://bugzilla.redhat.com/show_bug.cgi?id=888331
CC: (none) => lists.jjorge
Assignee: bugsquad => lists.jjorge
The RedHat bug has some misinformation. The fix they linked is actually CVE-2012-6083, and the fix for CVE-2012-5645 was in a different commit. Debian has the details here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306
Summary: freeciv new security issue CVE-2012-5645 => freeciv new security issues CVE-2012-5645 and CVE-2012-6083
Patched package uploaded for Mageia 2. Advisory: ======================== Updated freeciv packages fix security vulnerabilities: Malformed network packets could cause denial of service (memory exhaustion or CPU-bound loop) in Freeciv before 2.3.3 (CVE-2012-5645, CVE-2012-6083). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6083 http://freeciv.wikia.com/wiki/NEWS-2.3.3 ======================== Updated packages in core/updates_testing: ======================== freeciv-data-2.3.1-1.2.mga2 freeciv-client-2.3.1-1.2.mga2 freeciv-server-2.3.1-1.2.mga2 from freeciv-2.3.1-1.2.mga2.src.rpm
Assignee: lists.jjorge => qa-bugs
Probable PoC: http://aluigi.org/poc/freecivet.zip
Testing complete mga2 32 Extracted freecivet.c Compiled with $ gcc -o freecivet freecivet.c $ ./freecivet Freeciv <= 2.2.1 Denials of Service 0.1 by Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org Usage: ./freecivet <bug> <host> [port(5556)] Bugs: 1 = malloc exception 2 = endless loop Before ------ Started freeciv and started a local game so it started the server. Confirmed the malloc crash using the command below.. ./freecivet 1 localhost 5556 Changing the bug to 2 didn't seem to have any effect, unless it consumes resources very slowly but I can't see anything here under 'top'. After ----- PoC has no effect
Hardware: i586 => AllWhiteboard: (none) => has_procedure mga2-32-OK
Testing complete mga2 64 Testing as above. Not sure what I'm doing with the game but clicking the Turn Done button changes the year each time. Validating Advisory & SRPM in comment 2 Could sysadmin please push fro core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: has_procedure mga2-32-OK => has_procedure mga2-32-OK mga2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0005
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED