A denial of service flaw was found in the way the server component of Freeciv, a turn-based, multi-player, X based strategy game, processed certain packets (invalid packets with whole packet length lower than packet header size or syntactically valid packets, but whose processing would lead to an infinite loop). A remote attacker could send a specially-crafted packet that, when processed would lead to freeciv server to terminate (due to memory exhaustion) or become unresponsive (due to excessive CPU use). References: [1] http://aluigi.altervista.org/adv/freecivet-adv.txt [2] https://bugs.gentoo.org/show_bug.cgi?id=447490 [3] http://freeciv.wikia.com/wiki/NEWS-2.3.3 Upstream bug report: [4] http://gna.org/bugs/?20003 Relevant patch (against trunk): [5] http://svn.gna.org/viewcvs/freeciv?view=revision&revision=21670
This issue affects the versions of the freeciv package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Created freeciv tracking bugs for this issue Affects: fedora-all [bug 888333]
CVE Request: [6] http://www.openwall.com/lists/oss-security/2012/12/18/2
The CVE identifier of CVE-2012-5645 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/12/18/5
freeciv-2.3.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
freeciv-2.3.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.