Debian Bug report logs -
#927152
teeworlds: CVE-2019-10877 CVE-2019-10878 CVE-2019-10879
Reported by: Markus Koschany <apo@debian.org>
Date: Mon, 15 Apr 2019 16:09:01 UTC
Severity: grave
Tags: security, upstream
Found in version teeworlds/0.7.2-3
Fixed in version teeworlds/0.7.2-4
Done: Dylan Aïssi <daissi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#927152; Package teeworlds.
(Mon, 15 Apr 2019 16:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Markus Koschany <apo@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.
(Mon, 15 Apr 2019 16:09:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: teeworlds
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for teeworlds.
CVE-2019-10877[0]:
| In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in
| engine/shared/map.cpp that can lead to a buffer overflow, because
| multiplication of width and height is mishandled.
CVE-2019-10878[1]:
| In Teeworlds 0.7.2, there is a failed bounds check in
| CDataFileReader::GetData() and CDataFileReader::ReplaceData() and
| related functions in engine/shared/datafile.cpp that can lead to an
| arbitrary free and out-of-bounds pointer write, possibly resulting in
| remote code execution.
CVE-2019-10879[2]:
| In Teeworlds 0.7.2, there is an integer overflow in
| CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to
| a buffer overflow and possibly remote code execution, because size-
| related multiplications are mishandled.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-10877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10877
[1] https://security-tracker.debian.org/tracker/CVE-2019-10878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10878
[2] https://security-tracker.debian.org/tracker/CVE-2019-10879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10879
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
[signature.asc (application/pgp-signature, attachment)]
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 15 Apr 2019 17:21:04 GMT) (full text, mbox, link).
Marked as found in versions teeworlds/0.7.2-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 15 Apr 2019 17:21:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#927152; Package teeworlds.
(Mon, 22 Apr 2019 19:54:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jordy Ruiz <jordy.ruiz@univ-lille.fr>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.
(Mon, 22 Apr 2019 19:54:03 GMT) (full text, mbox, link).
Message #14 received at 927152@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, 15 Apr 2019 18:07:12 +0200 Markus Koschany wrote:
> Package: teeworlds
> X-Debbugs-CC: team@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for teeworlds.
>
> CVE-2019-10877[0]:
> | In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in
> | engine/shared/map.cpp that can lead to a buffer overflow, because
> | multiplication of width and height is mishandled.
>
>
> CVE-2019-10878[1]:
> | In Teeworlds 0.7.2, there is a failed bounds check in
> | CDataFileReader::GetData() and CDataFileReader::ReplaceData() and
> | related functions in engine/shared/datafile.cpp that can lead to an
> | arbitrary free and out-of-bounds pointer write, possibly resulting in
> | remote code execution.
>
>
> CVE-2019-10879[2]:
> | In Teeworlds 0.7.2, there is an integer overflow in
> | CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to
> | a buffer overflow and possibly remote code execution, because size-
> | related multiplications are mishandled.
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-10877
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10877
> [1] https://security-tracker.debian.org/tracker/CVE-2019-10878
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10878
> [2] https://security-tracker.debian.org/tracker/CVE-2019-10879
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10879
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
>
> Markus
>
Hi,
Teeworlds 0.7.3 was released and includes the aforementioned patches:
https://teeworlds.com/?page=journal&id=12806
> fix security vulnerabilities CVE-2019-10879, CVE-2019-10879,
CVE-2019-10879
Greetings,
Dune
[Message part 2 (text/html, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#927152; Package teeworlds.
(Fri, 03 May 2019 07:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Dylan Aïssi <daissi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.
(Fri, 03 May 2019 07:42:03 GMT) (full text, mbox, link).
Message #19 received at 927152@bugs.debian.org (full text, mbox, reply):
tag 927152 pending
tag 928110 pending
thanks
Hi,
https://salsa.debian.org/games-team/teeworlds/merge_requests/1/diffs
Not yet uploaded, I will do it later, excepted if someone is faster :-).
Best,
Dylan
Added tag(s) pending.
Request was from Dylan Aïssi <daissi@debian.org>
to control@bugs.debian.org.
(Fri, 03 May 2019 07:42:06 GMT) (full text, mbox, link).
Reply sent
to Dylan Aïssi <daissi@debian.org>:
You have taken responsibility.
(Sat, 04 May 2019 20:51:03 GMT) (full text, mbox, link).
Notification sent
to Markus Koschany <apo@debian.org>:
Bug acknowledged by developer.
(Sat, 04 May 2019 20:51:04 GMT) (full text, mbox, link).
Message #26 received at 927152-close@bugs.debian.org (full text, mbox, reply):
Source: teeworlds
Source-Version: 0.7.2-4
We believe that the bug you reported is fixed in the latest version of
teeworlds, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927152@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dylan Aïssi <daissi@debian.org> (supplier of updated teeworlds package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 04 May 2019 22:14:03 +0200
Source: teeworlds
Architecture: source
Version: 0.7.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Dylan Aïssi <daissi@debian.org>
Closes: 927152 928110
Changes:
teeworlds (0.7.2-4) unstable; urgency=medium
.
* Team upload.
* Add upstream patches to fix CVE-2019-10877 CVE-2019-10878 CVE-2019-10879
(Closes: #927152).
* Add upstream patch to fix creation of recursive path. (Closes: #928110)
Checksums-Sha1:
7c4886af6abd4fa75905d2e4f695d933b34393e8 2260 teeworlds_0.7.2-4.dsc
323d4d9311b7a7c0ed7d9b95d197b28fa668f2db 21840 teeworlds_0.7.2-4.debian.tar.xz
dabaf256c769b4ce2069db60574b8680acb3d249 12770 teeworlds_0.7.2-4_amd64.buildinfo
Checksums-Sha256:
e8a88361a17c08356a155ab1d43bd2555c7a86737234016cd224f0f7c82d795a 2260 teeworlds_0.7.2-4.dsc
4dc244347c62b61d897a1794e003e60cfdfce5cee66c7d3dfd29405f5ed1308b 21840 teeworlds_0.7.2-4.debian.tar.xz
88ae20ef928a7ade3a5a560b1a5a7ba5b1aca303f364adadd8d29a57e455e6da 12770 teeworlds_0.7.2-4_amd64.buildinfo
Files:
323d5ff22b7e9de95f21e2e5e2ff286f 2260 games optional teeworlds_0.7.2-4.dsc
a2c3431eaf8d8275174bb454778b427e 21840 games optional teeworlds_0.7.2-4.debian.tar.xz
ea08ceb5ab9950bbcb48c4ff1ddba214 12770 games optional teeworlds_0.7.2-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAlzN9QUSHGRhaXNzaUBk
ZWJpYW4ub3JnAAoJEGEu8WE+BQ9U82YP/RJkfZUkFIvMr3WV56YAtHR7UDgTuy7m
UQeuG2E/BPZJoxT/9xv63ez2rqD4LxSVtHxIitZpUVyiPYz2Sw3cr022mtIOco8u
FQuT5+V6JZ0FRmQJLCKVqa2FWlfahw+9V9ZB5HH5P4pX4vpzHN+f4ycVQU3/LUVW
/Y9SsJLMwSqeZp40f9rsGkt2IAjzaCNLMnwI2UY6yFhCodjjnmsWBHW36HXBH6ND
6MlAT0OXu2eS+IcBrWiklYKVSJNa4IM195dTMGRGNXxedbpZzscJbOaeULMxRTtS
Ga7Jn/f8rE/+3c2y4iqDYKCNYbX+/YuSOpKnaADcyIsBBowvqXqxcCWx5YSJCBUJ
Tjm/YUS52Z11R7d3vWVHWljII8YR32f3+PpLLg5QDSv6EEWopRokGn93q1HtUNbV
Lu8wdHXReXzqkgsyskQQZVxTEy8rwNWd9KXaGq2QCAN8bsjPXO2YVUN2KEaL674f
hE6I4ngPHCRtQ6Q9eyQ/EHWhLFHdO+GGAKocr68PVJVYKajVQ0gXF9Fn0VJyukHT
C1eWBvoRGIOT1+T5azEzGWrpCLqTvPRySYm2Dss2+m4h4sqjPsgsYz1+gvN885a0
Y45Uj2VX6LmHIXHz2N5HdnvjihNmsFWxTZyqc7u2n+weCDgg0g781YJvpfYD9D30
q89jAgmaBYZT
=VMYD
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#927152; Package teeworlds.
(Sat, 18 May 2019 16:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Amer Hwitat <amer.server.two@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.
(Sat, 18 May 2019 16:57:03 GMT) (full text, mbox, link).
Message #31 received at 927152@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Dears,
I have the following Bugs that crashed my VM, I reported it to RH, they
didn't answer, and banned my developer account, the Bug is when you disable
the network on RHEL with OSP 14 installed all in one, it crashes the
system, I had a 12GB RAM, with 8 CPUs on the VM, and I found out that this
crash report pissed off someone in RH, because they called me, and said
what do you want from me!!, what I need is a Simple reply, is this a bug or
not.
here is the problem:
[root@localhost network-scripts]# systemctl status network -l
? network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2019-01-19 03:47:01 EST;
21s ago
Docs: man:systemd-sysv-generator(8)
Process: 86319 ExecStop=/etc/rc.d/init.d/network stop (code=exited,
status=0/SUCCESS)
Process: 86591 ExecStart=/etc/rc.d/init.d/network start (code=exited,
status=1/FAILURE)
Tasks: 0
Jan 19 03:47:01 localhost.localdomain dhclient[86963]: Please report for
this software via the Red Hat Bugzilla site:
Jan 19 03:47:01 localhost.localdomain dhclient[86963]:
http://bugzilla.redhat.com
Jan 19 03:47:01 localhost.localdomain dhclient[86963]: ution.
Jan 19 03:47:01 localhost.localdomain dhclient[86963]: exiting.
Jan 19 03:47:01 localhost.localdomain network[86591]: failed.
Jan 19 03:47:01 localhost.localdomain network[86591]: [FAILED]
Jan 19 03:47:01 localhost.localdomain systemd[1]: network.service: control
process exited, code=exited status=1
Jan 19 03:47:01 localhost.localdomain systemd[1]: Failed to start LSB:
Bring up/down networking.
Jan 19 03:47:01 localhost.localdomain systemd[1]: Unit network.service
entered failed state.
Jan 19 03:47:01 localhost.localdomain systemd[1]: network.service failed.
[root@localhost network-scripts]#
[root@localhost log]#
Message from syslogd@localhost at Jan 23 02:23:31 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#3 stuck for 22s!
[ovsdb-server:10088]
[root@amer network-scripts]#
Message from syslogd@amer at Jan 27 12:46:38 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s!
[nova-api:102738]
Message from syslogd@amer at Jan 27 19:26:19 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#5 stuck for 26s! [swapper/5:0]
Message from syslogd@amer at Jan 27 19:26:19 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#1 stuck for 27s!
[dmeventd:71548]
Message from syslogd@amer at Jan 27 19:27:30 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#5 stuck for 22s!
[6_scheduler:64928]
Message from syslogd@amer at Jan 27 19:31:25 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#5 stuck for 22s!
[ksoftirqd/5:34]
Message from syslogd@amer at Jan 27 19:32:42 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#3 stuck for 33s!
[swift-object-up:11358]
Message from syslogd@amer at Jan 27 19:33:55 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#3 stuck for 24s!
[dmeventd:71548]
Message from syslogd@amer at Jan 27 19:34:25 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#2 stuck for 65s!
[kworker/2:0:59993]
Message from syslogd@amer at Jan 27 19:37:50 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#2 stuck for 24s!
[kworker/u256:3:8447]
Message from syslogd@amer at Jan 27 19:37:50 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#5 stuck for 22s!
[ksoftirqd/5:34]
Message from syslogd@amer at Jan 27 19:37:51 ...
kernel:NMI watchdog: BUG: soft lockup - CPU#0 stuck for 21s!
[systemd:11968]
The CPU has been disabled by the guest operating system. Power off or reset
the virtual machine.
snapshots attached
[image: Red Hat Enterprise Linux 7 64-bit (2)-2019-01-28-03-57-27.png]
[image: Red Hat Enterprise Linux 7 64-bit (2)-2019-01-28-04-26-41.png]
[image: working solution.JPG]
the last snapshot is from a successful installation of OSP 14 that
specifically says that Kernel is not compatible with Firmware (Bios).
I didn't test on Debian flavors but I think it's the same, the problem is
with RabbitMQ heart beats, when the server is disconnected it times out
causing this problem of kernel loop.
Thanks and Best regards
Amer
[Message part 2 (text/html, inline)]
[Red Hat Enterprise Linux 7 64-bit (2)-2019-01-28-03-57-27.png (image/png, inline)]
[Red Hat Enterprise Linux 7 64-bit (2)-2019-01-28-04-26-41.png (image/png, inline)]
[working solution.JPG (image/jpeg, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 16 Jun 2019 07:26:44 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:30:38 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon
-2019-01-28-03-57-27.png;msg=31){kind=link}
-2019-01-28-04-26-41.png;msg=31){kind=link}
