Debian Bug report logs -
#355211
freeciv-server: security hole
Reported by: Jason Dorje Short <jdorje@users.sf.net>
Date: Sat, 4 Mar 2006 03:03:02 UTC
Severity: grave
Tags: patch, security
Found in versions freeciv-server/2.0.7-2, freeciv-server/2.0.1-1
Fixed in version freeciv/2.0.8-1
Done: Jordi Mallach <jordi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#355211
; Package freeciv-server
.
(full text, mbox, link).
Acknowledgement sent to Jason Dorje Short <jdorje@users.sf.net>
:
New Bug report received and forwarded. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: freeciv-server
Version: 2.0.7-2
Severity: important
Jordi -
There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
server crash (it is unlikely anything more than a crashed civserver would
result from the hole). This patch (which will be included in the upcoming
2.0.8 release) will fix it; I recommend you upload it and/or get ready for
2.0.8 in a couple of days.
Index: common/packets.c
===================================================================
--- common/packets.c (revision 11709)
+++ common/packets.c (working copy)
@@ -362,13 +362,13 @@
}
#endif
- if (whole_packet_len > pc->buffer->ndata) {
+ if ((unsigned)whole_packet_len > pc->buffer->ndata) {
return NULL; /* not all data has been read */
}
#ifdef USE_COMPRESSION
if (compressed_packet) {
- int compressed_size = whole_packet_len - header_size;
+ uLong compressed_size = whole_packet_len - header_size;
/*
* We don't know the decompressed size. We assume a bad case
* here: an expansion by an factor of 100.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages freeciv-server depends on:
ii freeciv-data 2.0.7-2 Civilization turn based strategy g
ii libc6 2.3.6-2 GNU C Library: Shared libraries an
ii libreadline5 5.1-6 GNU readline and history libraries
ii zlib1g 1:1.2.3-9 compression library - runtime
freeciv-server recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#355211
; Package freeciv-server
.
(full text, mbox, link).
Acknowledgement sent to Jason Dorje Short <jdorje@users.sf.net>
:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #10 received at 355211@bugs.debian.org (full text, mbox, reply):
See PR#15762.
Tags added: security
Request was from Jordi Mallach <jordi@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Bug marked as found in version 2.0.1-1.
Request was from Jordi Mallach <jordi@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Tags added: patch, pending
Request was from Jordi Mallach <jordi@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Severity set to `grave'.
Request was from Jordi Mallach <jordi@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
:
Bug#355211
; Package freeciv-server
.
(full text, mbox, link).
Acknowledgement sent to Martin Schulze <joey@infodrom.org>
:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>
.
(full text, mbox, link).
Message #23 received at 355211@bugs.debian.org (full text, mbox, reply):
Jason Dorje Short wrote:
> Package: freeciv-server
> Version: 2.0.7-2
> Severity: important
>
>
> Jordi -
>
> There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
> server crash (it is unlikely anything more than a crashed civserver would
> result from the hole). This patch (which will be included in the upcoming
> 2.0.8 release) will fix it; I recommend you upload it and/or get ready for
> 2.0.8 in a couple of days.
Jason,
please mention CVE-2006-0047 in the changelog when you release the new
version.
CVE-2006-nnnn a unique identifier for a vulnerability in a software
package. The database behind this is maintained at MITRE's Common
Vulnerabilities and Exposures project <http://cve.mitre.org/cve/>.
Details for such an id are available after a few days of quarantaine
at <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-nnnn>.
Many vendors (both propriatery and Free Software) participate in this
database and assign the id to vulnerability reports or updates they
produce. These IDs help us security people generally for identifying
if a given package is fixed or if a given update fixes which problem.
Please mention this ID in the changelog and/or project announcements.
Regards,
Joey
--
The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin
Please always Cc to me when replying to me on the lists.
Reply sent to Jordi Mallach <jordi@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Jason Dorje Short <jdorje@users.sf.net>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #28 received at 355211-close@bugs.debian.org (full text, mbox, reply):
Source: freeciv
Source-Version: 2.0.8-1
We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:
freeciv-client-gtk_2.0.8-1_i386.deb
to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-1_i386.deb
freeciv-client-xaw3d_2.0.8-1_i386.deb
to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-1_i386.deb
freeciv-data_2.0.8-1_all.deb
to pool/main/f/freeciv/freeciv-data_2.0.8-1_all.deb
freeciv-server_2.0.8-1_i386.deb
to pool/main/f/freeciv/freeciv-server_2.0.8-1_i386.deb
freeciv_2.0.8-1.diff.gz
to pool/main/f/freeciv/freeciv_2.0.8-1.diff.gz
freeciv_2.0.8-1.dsc
to pool/main/f/freeciv/freeciv_2.0.8-1.dsc
freeciv_2.0.8.orig.tar.gz
to pool/main/f/freeciv/freeciv_2.0.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 355211@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated freeciv package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 6 Mar 2006 10:03:06 +0100
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all i386
Version: 2.0.8-1
Distribution: unstable
Urgency: high
Maintainer: Jordi Mallach <jordi@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description:
freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
freeciv-data - Civilization turn based strategy game (game data)
freeciv-server - Civilization turn based strategy game (server files)
Closes: 355211
Changes:
freeciv (2.0.8-1) unstable; urgency=high
.
* New upstream release.
- [SECURITY: CVE-2006-0047] fixes a remote Denial of Service in
civserver (closes: #355211).
[ Clint Adams ]
* debian/control, debian/rules: switch from dpatch to quilt.
Files:
a10a2e59ca4ef1b5a76ef5545a4e43b5 991 games optional freeciv_2.0.8-1.dsc
7d597d59236cc0cc1cfaa0cbbda24bd4 11179195 games optional freeciv_2.0.8.orig.tar.gz
9837af087aef9d8752595e4a91096177 45410 games optional freeciv_2.0.8-1.diff.gz
f6a3ea4675d15d2a8c37044f1589055c 3910770 games optional freeciv-data_2.0.8-1_all.deb
cfa375f04e0f31b3b3991b86ec8c2a85 447018 games optional freeciv-server_2.0.8-1_i386.deb
b2e04b3d4a207c622c04e11a680ce563 376390 games optional freeciv-client-xaw3d_2.0.8-1_i386.deb
fe1cd8cd97550c3f5b6bccffbda30c3f 411930 games optional freeciv-client-gtk_2.0.8-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEDAGKJYSUupF6Il4RAnwFAJ9H6AWUlAQeyiSZSTLdfgCszbkjigCg8EXs
ZP+WhX9f60jho7kui7wesJA=
=NLn/
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 24 Jun 2007 14:34:58 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:48:39 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.