Bug 192983
Summary: | CVE-2006-2575 Remote termination security issue | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jason Tibbitts <j> | ||||
Component: | netpanzer | Assignee: | Hugo Cisneiros <hugo> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5 | CC: | extras-qa, fedora-security-list | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://www.securityfocus.com/archive/1/434908/30/0/threaded | ||||||
Whiteboard: | |||||||
Fixed In Version: | 0.8-4 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-06-14 13:17:29 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jason Tibbitts
2006-05-24 16:48:54 UTC
I'm not sure if I'd call a game that terminates unexpectedly a security risk. But, to fix we should probably find out what values for FrameNum are acceptable and who is causing the problem to fail the ASSERT(). (In reply to comment #1) > I'm not sure if I'd call a game that terminates unexpectedly a security risk. Any less than we'd call a web server that terminates unexpectedly a security risk? But hey, if folks want to agree that we don't add remote termination issues for "noncritical" applications (along with a definition of just what is considered noncritical) then I'll abide by that. Does the perception change if a CVE is issued? Any fixes would be good to include. I'm currently watching this issue, as I am not a good programmer, I can't look at the source code at the time. However I'll try to make some efforts on this. If you have any updates, tell me. Regarding bug #192990, I'll look, make a patch from svn and update the release. Thanks for the attention. Created attachment 130628 [details]
Patch fixing this CVE
Since no-one else was doing it I've taken a look at this, with as a result the
attached patch which fixes this.
I confirmed the crash with the exploit given in the URL above, and checked that
it no longer crashes with this patch.
I however didnot check if this influences play in anyway, someone who actually
plays the game should test this, especially the flag selection for a player.
Although I believe that there should be no influence.
p.s.
Whats going on with getting the fix for the other vulnerability from SVN?
Package fixed. Closing. Thanks! |