Bug#355211: freeciv-server: security hole
Jason Dorje Short wrote: Package: freeciv-server Version: 2.0.7-2 Severity: important Jordi - There is a security hole in Freeciv 2.0 allowing a remote user to trigger a server crash (it is unlikely anything more than a crashed civserver would result from the hole). This patch (which will be included in the upcoming 2.0.8 release) will fix it; I recommend you upload it and/or get ready for 2.0.8 in a couple of days. Jason, please mention CVE-2006-0047 in the changelog when you release the new version. CVE-2006- a unique identifier for a vulnerability in a software package. The database behind this is maintained at MITRE's Common Vulnerabilities and Exposures project http://cve.mitre.org/cve/. Details for such an id are available after a few days of quarantaine at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-. Many vendors (both propriatery and Free Software) participate in this database and assign the id to vulnerability reports or updates they produce. These IDs help us security people generally for identifying if a given package is fixed or if a given update fixes which problem. Please mention this ID in the changelog and/or project announcements. Regards, Joey -- The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#355211: freeciv-server: security hole
Package: freeciv-server
Version: 2.0.7-2
Severity: important
Jordi -
There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
server crash (it is unlikely anything more than a crashed civserver would
result from the hole). This patch (which will be included in the upcoming
2.0.8 release) will fix it; I recommend you upload it and/or get ready for
2.0.8 in a couple of days.
Index: common/packets.c
===
--- common/packets.c(revision 11709)
+++ common/packets.c(working copy)
@@ -362,13 +362,13 @@
}
#endif
- if (whole_packet_len pc-buffer-ndata) {
+ if ((unsigned)whole_packet_len pc-buffer-ndata) {
return NULL; /* not all data has been read */
}
#ifdef USE_COMPRESSION
if (compressed_packet) {
-int compressed_size = whole_packet_len - header_size;
+uLong compressed_size = whole_packet_len - header_size;
/*
* We don't know the decompressed size. We assume a bad case
* here: an expansion by an factor of 100.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages freeciv-server depends on:
ii freeciv-data 2.0.7-2Civilization turn based strategy g
ii libc6 2.3.6-2GNU C Library: Shared libraries an
ii libreadline5 5.1-6 GNU readline and history libraries
ii zlib1g1:1.2.3-9 compression library - runtime
freeciv-server recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#355211: [Pkg-freeciv-devel] Bug#355211: freeciv-server: security hole
See PR#15762. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
