Debian Bug report logs -
#310468
lbreakout2: Multiple security problems in lbreakout
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 23 May 2005 19:48:09 UTC
Severity: grave
Tags: patch, security
Fixed in version lbreakout2/2.5.2-2
Done: Steve Langasek <vorlon@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, Daniel Burrows <dburrows@debian.org>:
Bug#310468; Package lbreakout2.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, Daniel Burrows <dburrows@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: lbreakout2
Severity: grave
Tags: security patch
Justification: user security hole
[ Details are sparse about this one, if you come to the conclusion that
this is not RC, then please lower severity, but I assume it is. ]
[ Woody might be affected as well, I haven't checked that yet ]
>From the 2.6beta changelog:
- security issue fixed: bad sprintf/scanf calls could lead to crashes
or potential security problems (05/02/14 U.H.)
There is no further information and upstream's website is very sparse
and there's no mailing list or anything like that, so I had a look
at the rather largish diff between 2.5.2 and 2.6beta and reviewed it
for possibly security relevant changes, which you can find attached.
At least a buffer overflow in highscore handling (should be writable by
arbitrary users) and the missing format strings in network multiplayer
handling code seem exploitable as lbreakout runs as setgid games.
Please review the diff and upload a fixed package to t-p-u, if you agree.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
[lbreakout2-security.diff (text/x-c, attachment)]
Tags added: sarge, sid
Request was from Daniel Burrows <dburrows@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Daniel Burrows <dburrows@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #12 received at 310468-close@bugs.debian.org (full text, mbox, reply):
Source: lbreakout2
Source-Version: 2.5.2-2
We believe that the bug you reported is fixed in the latest version of
lbreakout2, which is due to be installed in the Debian FTP archive:
lbreakout2-data_2.5.2-2_all.deb
to pool/main/l/lbreakout2/lbreakout2-data_2.5.2-2_all.deb
lbreakout2_2.5.2-2.diff.gz
to pool/main/l/lbreakout2/lbreakout2_2.5.2-2.diff.gz
lbreakout2_2.5.2-2.dsc
to pool/main/l/lbreakout2/lbreakout2_2.5.2-2.dsc
lbreakout2_2.5.2-2_i386.deb
to pool/main/l/lbreakout2/lbreakout2_2.5.2-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 310468@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Burrows <dburrows@debian.org> (supplier of updated lbreakout2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 24 May 2005 18:52:21 -0700
Source: lbreakout2
Binary: lbreakout2 lbreakout2-data
Architecture: source i386 all
Version: 2.5.2-2
Distribution: unstable
Urgency: high
Maintainer: Daniel Burrows <dburrows@debian.org>
Changed-By: Daniel Burrows <dburrows@debian.org>
Description:
lbreakout2 - A ball-and-paddle game with nice graphics
lbreakout2-data - A ball-and-paddle game with nice graphics (DATA FILES)
Closes: 310468
Changes:
lbreakout2 (2.5.2-2) unstable; urgency=high
.
* Apply backported security fixes for bad usage of s*printf/scanf.
Thanks to Moritz Muehlenhoff for spotting the problem in the upstream
changelog and for sifting through the diff to find the relevant fixes. (Closes: #310468)
Files:
25c5fe1e3fcb0ec43af3d6d2c62ffd16 657 games optional lbreakout2_2.5.2-2.dsc
b035faa2bde554f6b313313e7e9eea46 21172 games optional lbreakout2_2.5.2-2.diff.gz
118709987dc7204a4f140b905c741c56 2445372 games optional lbreakout2-data_2.5.2-2_all.deb
2a1690562a4852079827df86f68f12ca 226802 games optional lbreakout2_2.5.2-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCk+Dpch6xsM7kSXgRAnAjAKDNrSjxAoIFc952i3UcNBuyR1rIIQCgx6ii
ChXJOr5FHj9uKp73MgVwuKo=
=sHRh
-----END PGP SIGNATURE-----
Bug reopened, originator not changed.
Request was from Daniel Burrows <dburrows@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Tags removed: sid
Request was from Daniel Burrows <dburrows@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Tags removed: sarge
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug closed, send any further explanations to Moritz Muehlenhoff <jmm@inutil.org>
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Aug 14 22:46:18 2018;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.