Paketname
freeciv
Datum
2006-07-31
Advisory ID
MDKSA-2006:135
Betroffene Versionen
2006.0 i586 , 2006.0 x86_64

Problembeschreibung

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul
2006 and earlier, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a (1) negative
chunk_length or a (2) large chunk->offset value in a
PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c, and
(3) a large packet->length value in the handle_unit_orders function in
server/unithand.c.

The updated packages have been patched to fix this issue.

Aktualisierte Pakete

2006.0 i586

 5ddab58ab94283b8c4398875a2a845de  2006.0/RPMS/freeciv-client-2.0.4-2.2.20060mdk.i586.rpm
 218f597230b3435da9a41a6cc1f27826  2006.0/RPMS/freeciv-data-2.0.4-2.2.20060mdk.i586.rpm
 ee661fb04809a50f893342ac350dfc3f  2006.0/RPMS/freeciv-server-2.0.4-2.2.20060mdk.i586.rpm
 73be75ec52570bc9a58eed1f94916135  2006.0/SRPMS/freeciv-2.0.4-2.2.20060mdk.src.rpm

2006.0 x86_64

 5c0a814a9abb1d374837141815fccb7a  x86_64/2006.0/RPMS/freeciv-client-2.0.4-2.2.20060mdk.x86_64.rpm
 454360b2ce12207760c7e4325c8e5c3f  x86_64/2006.0/RPMS/freeciv-data-2.0.4-2.2.20060mdk.x86_64.rpm
 dea806eb51d3c13f893a3adcd9866f85  x86_64/2006.0/RPMS/freeciv-server-2.0.4-2.2.20060mdk.x86_64.rpm
 73be75ec52570bc9a58eed1f94916135  x86_64/2006.0/SRPMS/freeciv-2.0.4-2.2.20060mdk.src.rpm

Referenzen