Mageia Bugzilla – Bug 8623
freeciv new security issues CVE-2012-5645 and CVE-2012-6083
Last modified: 2013-01-14 22:25:34 CET
Fedora has issued an advisory on December 19:
The issue is fixed upstream in 2.3.3 (which we have in Cauldron).
The RedHat bug links the upstream change that fixed it:
The RedHat bug has some misinformation. The fix they linked is actually CVE-2012-6083, and the fix for CVE-2012-5645 was in a different commit. Debian has the details here:
Patched package uploaded for Mageia 2.
Updated freeciv packages fix security vulnerabilities:
Malformed network packets could cause denial of service (memory exhaustion or
CPU-bound loop) in Freeciv before 2.3.3 (CVE-2012-5645, CVE-2012-6083).
Updated packages in core/updates_testing:
Probable PoC: http://aluigi.org/poc/freecivet.zip
Testing complete mga2 32
$ gcc -o freecivet freecivet.c
Freeciv <= 2.2.1 Denials of Service 0.1
by Luigi Auriemma
Usage: ./freecivet <bug> <host> [port(5556)]
1 = malloc exception
2 = endless loop
Started freeciv and started a local game so it started the server.
Confirmed the malloc crash using the command below.
./freecivet 1 localhost 5556
Changing the bug to 2 didn't seem to have any effect, unless it consumes resources very slowly but I can't see anything here under 'top'.
PoC has no effect
Testing complete mga2 64
Testing as above.
Not sure what I'm doing with the game but clicking the Turn Done button changes the year each time.
Advisory & SRPM in comment 2
Could sysadmin please push from core/updates_testing to core/updates?