Debian Bug report logs - #355211
freeciv-server: security hole

version graph

Package: freeciv-server; Maintainer for freeciv-server is Debian Games Team <pkg-games-devel@lists.alioth.debian.org>; Source for freeciv-server is src:freeciv.

Reported by: Jason Dorje Short <jdorje@users.sf.net>

Date: Sat, 4 Mar 2006 03:03:02 UTC

Severity: grave

Tags: patch, security

Found in versions freeciv-server/2.0.7-2, freeciv-server/2.0.1-1

Fixed in version freeciv/2.0.8-1

Done: Jordi Mallach <jordi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#355211; Package freeciv-server. Full text and rfc822 format available.

Acknowledgement sent to Jason Dorje Short <jdorje@users.sf.net>:
New Bug report received and forwarded. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jason Dorje Short <jdorje@users.sf.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: freeciv-server: security hole
Date: Fri, 03 Mar 2006 21:29:40 -0500
Package: freeciv-server
Version: 2.0.7-2
Severity: important


Jordi -

There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
server crash (it is unlikely anything more than a crashed civserver would
result from the hole).  This patch (which will be included in the upcoming
2.0.8 release) will fix it; I recommend you upload it and/or get ready for
2.0.8 in a couple of days.

Index: common/packets.c
===================================================================
--- common/packets.c    (revision 11709)
+++ common/packets.c    (working copy)
@@ -362,13 +362,13 @@
   }
 #endif

-  if (whole_packet_len > pc->buffer->ndata) {
+  if ((unsigned)whole_packet_len > pc->buffer->ndata) {
     return NULL;               /* not all data has been read */
   }

 #ifdef USE_COMPRESSION
   if (compressed_packet) {
-    int compressed_size = whole_packet_len - header_size;
+    uLong compressed_size = whole_packet_len - header_size;
     /*
      * We don't know the decompressed size. We assume a bad case
      * here: an expansion by an factor of 100.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages freeciv-server depends on:
ii  freeciv-data                  2.0.7-2    Civilization turn based strategy g
ii  libc6                         2.3.6-2    GNU C Library: Shared libraries an
ii  libreadline5                  5.1-6      GNU readline and history libraries
ii  zlib1g                        1:1.2.3-9  compression library - runtime

freeciv-server recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#355211; Package freeciv-server. Full text and rfc822 format available.

Acknowledgement sent to Jason Dorje Short <jdorje@users.sf.net>:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 355211@bugs.debian.org (full text, mbox):

From: Jason Dorje Short <jdorje@users.sf.net>
To: Jason Dorje Short <jdorje@users.sourceforge.net>, 355211@bugs.debian.org
Subject: Re: [Pkg-freeciv-devel] Bug#355211: freeciv-server: security hole
Date: Fri, 03 Mar 2006 22:14:26 -0500
See PR#15762.



Tags added: security Request was from Jordi Mallach <jordi@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as found in version 2.0.1-1. Request was from Jordi Mallach <jordi@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch, pending Request was from Jordi Mallach <jordi@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `grave'. Request was from Jordi Mallach <jordi@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>:
Bug#355211; Package freeciv-server. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Debian Freeciv Maintainers <pkg-freeciv-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #23 received at 355211@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Jason Dorje Short <jdorje@users.sf.net>
Cc: Debian Bug Tracking System <355211@bugs.debian.org>
Subject: Re: freeciv-server: security hole
Date: Sat, 4 Mar 2006 21:34:36 +0100
Jason Dorje Short wrote:
> Package: freeciv-server
> Version: 2.0.7-2
> Severity: important
> 
> 
> Jordi -
> 
> There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
> server crash (it is unlikely anything more than a crashed civserver would
> result from the hole).  This patch (which will be included in the upcoming
> 2.0.8 release) will fix it; I recommend you upload it and/or get ready for
> 2.0.8 in a couple of days.

Jason,

please mention CVE-2006-0047 in the changelog when you release the new
version.

CVE-2006-nnnn a unique identifier for a vulnerability in a software
package.  The database behind this is maintained at MITRE's Common
Vulnerabilities and Exposures project <http://cve.mitre.org/cve/>.
Details for such an id are available after a few days of quarantaine
at <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-nnnn>.

Many vendors (both propriatery and Free Software) participate in this
database and assign the id to vulnerability reports or updates they
produce.  These IDs help us security people generally for identifying
if a given package is fixed or if a given update fixes which problem.
Please mention this ID in the changelog and/or project announcements.

Regards,

	Joey

-- 
The MS-DOS filesystem is nice for removable media.  -- H. Peter Anvin

Please always Cc to me when replying to me on the lists.



Reply sent to Jordi Mallach <jordi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Jason Dorje Short <jdorje@users.sf.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #28 received at 355211-close@bugs.debian.org (full text, mbox):

From: Jordi Mallach <jordi@debian.org>
To: 355211-close@bugs.debian.org
Subject: Bug#355211: fixed in freeciv 2.0.8-1
Date: Mon, 06 Mar 2006 01:47:08 -0800
Source: freeciv
Source-Version: 2.0.8-1

We believe that the bug you reported is fixed in the latest version of
freeciv, which is due to be installed in the Debian FTP archive:

freeciv-client-gtk_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-client-gtk_2.0.8-1_i386.deb
freeciv-client-xaw3d_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-client-xaw3d_2.0.8-1_i386.deb
freeciv-data_2.0.8-1_all.deb
  to pool/main/f/freeciv/freeciv-data_2.0.8-1_all.deb
freeciv-server_2.0.8-1_i386.deb
  to pool/main/f/freeciv/freeciv-server_2.0.8-1_i386.deb
freeciv_2.0.8-1.diff.gz
  to pool/main/f/freeciv/freeciv_2.0.8-1.diff.gz
freeciv_2.0.8-1.dsc
  to pool/main/f/freeciv/freeciv_2.0.8-1.dsc
freeciv_2.0.8.orig.tar.gz
  to pool/main/f/freeciv/freeciv_2.0.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 355211@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated freeciv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  6 Mar 2006 10:03:06 +0100
Source: freeciv
Binary: freeciv-client-gtk freeciv-data freeciv-client-xaw3d freeciv-server
Architecture: source all i386
Version: 2.0.8-1
Distribution: unstable
Urgency: high
Maintainer: Jordi Mallach <jordi@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description: 
 freeciv-client-gtk - Civilization turn based strategy game (GTK+ client)
 freeciv-client-xaw3d - Civilization turn based strategy game (Xaw3D client)
 freeciv-data - Civilization turn based strategy game (game data)
 freeciv-server - Civilization turn based strategy game (server files)
Closes: 355211
Changes: 
 freeciv (2.0.8-1) unstable; urgency=high
 .
   * New upstream release.
     - [SECURITY: CVE-2006-0047] fixes a remote Denial of Service in
       civserver (closes: #355211).
   [ Clint Adams ]
   * debian/control, debian/rules: switch from dpatch to quilt.
Files: 
 a10a2e59ca4ef1b5a76ef5545a4e43b5 991 games optional freeciv_2.0.8-1.dsc
 7d597d59236cc0cc1cfaa0cbbda24bd4 11179195 games optional freeciv_2.0.8.orig.tar.gz
 9837af087aef9d8752595e4a91096177 45410 games optional freeciv_2.0.8-1.diff.gz
 f6a3ea4675d15d2a8c37044f1589055c 3910770 games optional freeciv-data_2.0.8-1_all.deb
 cfa375f04e0f31b3b3991b86ec8c2a85 447018 games optional freeciv-server_2.0.8-1_i386.deb
 b2e04b3d4a207c622c04e11a680ce563 376390 games optional freeciv-client-xaw3d_2.0.8-1_i386.deb
 fe1cd8cd97550c3f5b6bccffbda30c3f 411930 games optional freeciv-client-gtk_2.0.8-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEDAGKJYSUupF6Il4RAnwFAJ9H6AWUlAQeyiSZSTLdfgCszbkjigCg8EXs
ZP+WhX9f60jho7kui7wesJA=
=NLn/
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 14:34:58 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 08:35:08 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.