Bug 735841 - (CVE-2011-3341, CVE-2011-3342, CVE-2011-3343) CVE-2011-3341 CVE-2011-3342 CVE-2011-3343 Security update available (in testing) for openttd
CVE-2011-3341 CVE-2011-3342 CVE-2011-3343 Security update available (in testi...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20110809,repo...
: Security
Depends On: 736178
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-05 12:54 EDT by Bruno Wolff III
Modified: 2015-08-19 05:12 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-09-20 11:11:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bruno Wolff III 2011-09-05 12:54:20 EDT
Description of problem:
The following archive entry describes the issue:
http://www.openwall.com/lists/oss-security/2011/09/02/4
openTTD 1.1.3-RC1 is available now.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Vincent Danen 2011-09-06 18:16:02 EDT
The following are the specifics of the vulnerabilities reported:

1.) Denial of service via improperly validated commands (CVE-2011-3341):

In multiple places in-game commands are not properly validated that allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.3.5 and will be fixed in the upcoming 1.1.3 release. Issue report at http://bugs.openttd.org/task/4745

2.) Buffer overflows in savegame loading (CVE-2011-3342):

In multiple places indices in savegames are not properly validated that allow (remote) attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Vulnerability is present since 0.1.0 and will be fixed in the upcoming 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4717 and http://bugs.openttd.org/task/4748

3.) Multiple buffer overflows in validation of external data (CVE-2011-3343):

In multiple places external data from the local file system isn't properly checked before allocating memory, which could lead to buffer overflows and arbitrary code execution.

Vulnerability is present since 0.3.4 and will be fixed in the upcoming 1.1.3 release. Issue reports at http://bugs.openttd.org/task/4746 and http://bugs.openttd.org/task/4747
Comment 2 Vincent Danen 2011-09-06 18:20:16 EDT
Created openttd tracking bugs for this issue

Affects: fedora-all [bug 736178]
Comment 3 Felix Kaechele 2011-09-07 03:59:56 EDT
Working on it.
Comment 4 Vincent Danen 2011-09-20 11:11:56 EDT
Fedora updates have been released:

openttd-1.1.3-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc16

openttd-1.1.3-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc15

openttd-1.1.3-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/openttd-1.1.3-1.fc14

Note You need to log in before you can comment on or make changes to this bug.