GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Nov 15, 2007 12:26 am Post subject: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service |
 |
|
Gentoo Linux Security Advisory
Title: Pioneers: Multiple Denials of Service (GLSA 200711-20)
Severity: normal
Exploitable: remote
Date: November 14, 2007
Updated: November 29, 2007
Bug(s): #198807
ID: 200711-20
Synopsis
Two Denial of Service vulnerabilities were discovered in Pioneers.
Background
Pioneers (formerly gnocatan) is a clone of the popular board game "The
Settlers of Catan".
Affected Packages
Package: games-board/pioneers
Vulnerable: < 0.11.3-r1
Unaffected: >= 0.11.3-r1
Architectures: All supported architectures
Description
Roland Clobus discovered that the Pioneers server may free sessions
objects while they are still in use, resulting in access to invalid
memory zones (CVE-2007-5933). Bas Wijnen discovered an error when
closing connections which can lead to a failed assertion
(CVE-2007-6010).
Impact
A remote attacker could send specially crafted data to the vulnerable
server, resulting in a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Pioneers users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=games-board/pioneers-0.11.3-r1" |
References
CVE-2007-5933
CVE-2007-6010
Last edited by GLSA on Wed May 23, 2012 4:24 am; edited 3 times in total |
|
News & Announcements
