[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fedora] Schwachstelle in Dopewars - FEDORA-2009-10439
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Liebe Kolleginnen und Kollegen,
soeben erreichte uns nachfolgendes Fedora Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.
CVE-2009-3591 - Schwachstelle in Dopewars
In Dopewars werden REQUESTJET Nachrichten die auf unzulaessige Ziele
zugreifen nicht korrekt gefiltert und koennen einen Speicherfehler
ausloesen (Segmentation Fault).Diese Schwachstelle kann ueber das Netz
fuer Denial of Service Angriffe ausgenutzt werden.
Betroffen sind die folgenden Software Pakete und Plattformen:
Paket dopewars
Fedora 10
Fedora 11
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
Hersteller Advisory:
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00313.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00370.html
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Detlev O. Matthies
- --
Detlev O. Matthies, M.Sc. (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
- --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10439
2009-10-14 00:46:44
- --------------------------------------------------------------------------------
Name : dopewars
Product : Fedora 11
Version : 1.5.12
Release : 8.1033svn.fc11
URL : http://dopewars.sourceforge.net/
Summary : A drug dealing game
Description :
Based on John E. Dell's old Drug Wars game, dopewars is a simulation of an
imaginary drug market. dopewars is an All-American game which features
buying, selling, and trying to get past the cops!
The first thing you need to do is pay off your debt to the Loan Shark. After
that, your goal is to make as much money as possible (and stay alive)! You
have one month of game time to make your fortune.
dopewars supports multiple players via. TCP/IP. Chatting to and fighting
with other players (computer or human) is supported; check the command line
switches (via dopewars -h) for further information.
- --------------------------------------------------------------------------------
Update Information:
Fix DoS.
- --------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 9 2009 Jussi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.5.12-8.1033svn
- - Update to svn release to address security issues.
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.12-7
- - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- --------------------------------------------------------------------------------
References:
[ 1 ] Bug #528081 - CVE-2009-3591 dopewars: DoS via REQUESTJET message with an invalid location
https://bugzilla.redhat.com/show_bug.cgi?id=528081
- --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update dopewars' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
- --------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFK1cc3k0kIxZMiiQ8RAv/OAJwMn7jFXXu88ycwGmUsly/B2F7WYwCfZCpJ
1WMoQ11IlIfhe9hZvh+mJkM=
=DdEd
-----END PGP SIGNATURE-----