OpenTTD, a transportation business simulation game, is found to have a missing validation that allows remote attackers to cause a denial of service (crash) by forcefully crashing aircraft near the corner of the map. This triggers a corner case where data outside of the allocated map array is accessed. The issue is said to be fixed in OpenTTD 1.3.3. References: http://seclists.org/oss-sec/2013/q4/372 http://bugs.openttd.org/task/5820
Created openttd tracking bugs for this issue: Affects: fedora-all [bug 1035992]
openttd-1.3.3-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
openttd-1.3.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
openttd-1.3.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.