Bug 735841 (CVE-2011-3341, CVE-2011-3342, CVE-2011-3343)

Summary: CVE-2011-3341 CVE-2011-3342 CVE-2011-3343 Security update available (in testing) for openttd
Product: [Other] Security Response Reporter: Bruno Wolff III <bruno>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: atorkhov, felix, jrusnack, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-20 15:11:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 736178    
Bug Blocks:    

Description Bruno Wolff III 2011-09-05 16:54:20 UTC 
Description of problem:
The following archive entry describes the issue:
http://www.openwall.com/lists/oss-security/2011/09/02/4
openTTD 1.1.3-RC1 is available now.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Vincent Danen 2011-09-06 22:16:02 UTC 
The following are the specifics of the vulnerabilities reported:

1.) Denial of service via improperly validated commands (CVE-2011-3341):

In multiple places in-game commands are not properly validated that allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.3.5 and will be fixed in the upcoming 1.1.3 release. Issue report at http://bugs.openttd.org/task/4745

2.) Buffer overflows in savegame loading (CVE-2011-3342):

In multiple places indices in savegames are not properly validated that allow (remote) attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.1.0 and will be fixed in the upcoming 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4717 and http://bugs.openttd.org/task/4748

3.) Multiple buffer overflows in validation of external data (CVE-2011-3343):

In multiple places external data from the local file system isn't properly checked before allocating memory, which could lead to buffer overflows and arbitrary code execution.

Vulnerability is present since 0.3.4 and will be fixed in the upcoming 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4746 and http://bugs.openttd.org/task/4747
Comment 2 Vincent Danen 2011-09-06 22:20:16 UTC 
Created openttd tracking bugs for this issue

Affects: fedora-all [bug 736178]
Comment 3 Felix Kaechele 2011-09-07 07:59:56 UTC 
Working on it.
Comment 4 Vincent Danen 2011-09-20 15:11:56 UTC 
Fedora updates have been released:

openttd-1.1.3-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc16

openttd-1.1.3-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc15

openttd-1.1.3-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc14