freeciv-server: security hole

Debian Bug report logs - #355211
freeciv-server: security hole

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jason Dorje Short <jdorje@users.sf.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: freeciv-server: security hole

Date: Fri, 03 Mar 2006 21:29:40 -0500

Package: freeciv-server
Version: 2.0.7-2
Severity: important


Jordi -

There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
server crash (it is unlikely anything more than a crashed civserver would
result from the hole).  This patch (which will be included in the upcoming
2.0.8 release) will fix it; I recommend you upload it and/or get ready for
2.0.8 in a couple of days.

Index: common/packets.c
===================================================================
--- common/packets.c    (revision 11709)
+++ common/packets.c    (working copy)
@@ -362,13 +362,13 @@
   }
 #endif

-  if (whole_packet_len > pc->buffer->ndata) {
+  if ((unsigned)whole_packet_len > pc->buffer->ndata) {
     return NULL;               /* not all data has been read */
   }

 #ifdef USE_COMPRESSION
   if (compressed_packet) {
-    int compressed_size = whole_packet_len - header_size;
+    uLong compressed_size = whole_packet_len - header_size;
     /*
      * We don't know the decompressed size. We assume a bad case
      * here: an expansion by an factor of 100.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages freeciv-server depends on:
ii  freeciv-data                  2.0.7-2    Civilization turn based strategy g
ii  libc6                         2.3.6-2    GNU C Library: Shared libraries an
ii  libreadline5                  5.1-6      GNU readline and history libraries
ii  zlib1g                        1:1.2.3-9  compression library - runtime

freeciv-server recommends no packages.

-- no debconf information

Message #10 received at 355211@bugs.debian.org (full text, mbox, reply):

From: Jason Dorje Short <jdorje@users.sf.net>

To: Jason Dorje Short <jdorje@users.sourceforge.net>, 355211@bugs.debian.org

Subject: Re: [Pkg-freeciv-devel] Bug#355211: freeciv-server: security hole

Date: Fri, 03 Mar 2006 22:14:26 -0500

See PR#15762.

Message #23 received at 355211@bugs.debian.org (full text, mbox, reply):

From: Martin Schulze <joey@infodrom.org>

To: Jason Dorje Short <jdorje@users.sf.net>

Cc: Debian Bug Tracking System <355211@bugs.debian.org>

Subject: Re: freeciv-server: security hole

Date: Sat, 4 Mar 2006 21:34:36 +0100

Jason Dorje Short wrote:
> Package: freeciv-server
> Version: 2.0.7-2
> Severity: important
> 
> 
> Jordi -
> 
> There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
> server crash (it is unlikely anything more than a crashed civserver would
> result from the hole).  This patch (which will be included in the upcoming
> 2.0.8 release) will fix it; I recommend you upload it and/or get ready for
> 2.0.8 in a couple of days.

Jason,

please mention CVE-2006-0047 in the changelog when you release the new
version.

CVE-2006-nnnn a unique identifier for a vulnerability in a software
package.  The database behind this is maintained at MITRE's Common
Vulnerabilities and Exposures project <http://cve.mitre.org/cve/>.
Details for such an id are available after a few days of quarantaine
at <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-nnnn>.

Many vendors (both propriatery and Free Software) participate in this
database and assign the id to vulnerability reports or updates they
produce.  These IDs help us security people generally for identifying
if a given package is fixed or if a given update fixes which problem.
Please mention this ID in the changelog and/or project announcements.

Regards,

	Joey

-- 
The MS-DOS filesystem is nice for removable media.  -- H. Peter Anvin

Please always Cc to me when replying to me on the lists.

Message #28 received at 355211-close@bugs.debian.org (full text, mbox, reply):

From: Jordi Mallach <jordi@debian.org>

To: 355211-close@bugs.debian.org

Subject: Bug#355211: fixed in freeciv 2.0.8-1

Date: Mon, 06 Mar 2006 01:47:08 -0800

Source: freeciv
Source-Version: 2.0.8-1

We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:

freeciv-client-gtk_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-1_i386.deb
freeciv-client-xaw3d_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-1_i386.deb
freeciv-data_2.0.8-1_all.deb
  to pool/main/f/freeciv/freeciv-data_2.0.8-1_all.deb
freeciv-server_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-server_2.0.8-1_i386.deb
freeciv_2.0.8-1.diff.gz
  to pool/main/f/freeciv/freeciv_2.0.8-1.diff.gz
freeciv_2.0.8-1.dsc
  to pool/main/f/freeciv/freeciv_2.0.8-1.dsc
freeciv_2.0.8.orig.tar.gz
  to pool/main/f/freeciv/freeciv_2.0.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 355211@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated freeciv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  6 Mar 2006 10:03:06 +0100
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all i386
Version: 2.0.8-1
Distribution: unstable
Urgency: high
Maintainer: Jordi Mallach <jordi@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description: 
 freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
 freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
 freeciv-data - Civilization turn based strategy game (game data)
 freeciv-server - Civilization turn based strategy game (server files)
Closes: 355211
Changes: 
 freeciv (2.0.8-1) unstable; urgency=high
 .
   * New upstream release.
     - [SECURITY: CVE-2006-0047] fixes a remote Denial of Service in
       civserver (closes: #355211).
   [ Clint Adams ]
   * debian/control, debian/rules: switch from dpatch to quilt.
Files: 
 a10a2e59ca4ef1b5a76ef5545a4e43b5 991 games optional freeciv_2.0.8-1.dsc
 7d597d59236cc0cc1cfaa0cbbda24bd4 11179195 games optional freeciv_2.0.8.orig.tar.gz
 9837af087aef9d8752595e4a91096177 45410 games optional freeciv_2.0.8-1.diff.gz
 f6a3ea4675d15d2a8c37044f1589055c 3910770 games optional freeciv-data_2.0.8-1_all.deb
 cfa375f04e0f31b3b3991b86ec8c2a85 447018 games optional freeciv-server_2.0.8-1_i386.deb
 b2e04b3d4a207c622c04e11a680ce563 376390 games optional freeciv-client-xaw3d_2.0.8-1_i386.deb
 fe1cd8cd97550c3f5b6bccffbda30c3f 411930 games optional freeciv-client-gtk_2.0.8-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEDAGKJYSUupF6Il4RAnwFAJ9H6AWUlAQeyiSZSTLdfgCszbkjigCg8EXs
ZP+WhX9f60jho7kui7wesJA=
=NLn/
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.