opensuse-su-2019:1793-1
Vulnerability from csaf_opensuse
Published
2019-07-23 11:22
Modified
2019-07-23 11:22
Summary
Security update for teeworlds
Notes
Title of the patch
Security update for teeworlds
Description of the patch
This update for teeworlds fixes the following issues:
- CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have lead to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. (boo#1131729)
- CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.
- CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a buffer overflow, because multiplication of width and height were mishandled.
- CVE-2018-18541: Connection packets could have been forged. There was no challenge-response involved in the connection build up. A remote attacker could have sent connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. (boo#1112910)
- Update to version 0.7.3.1
* Colorful gametype and level icons in the browser instead of
grayscale.
* Add an option to use raw mouse inputs, revert to (0.6) relative
mode by default.
* Demo list marker indicator.
* Restore ingame Player and Tee menus, add a warning that a
reconnect is needed.
* Emotes can now be cancelled by releasing the mouse in the
middle of the circle.
* Improve add friend text.
* Add a confirmation for removing a filter
* Add a 'click a player to follow' hint
* Also hint players which key they should press to set themselves
ready.
* fixed using correct array measurements when placing egg doodads
* fixed demo recorder downloaded maps using the sha256 hash
* show correct game release version in the start menu and console
* Fix platform-specific client libraries for Linux
* advanced scoreboard with game statistics
* joystick support (experimental!)
* copy paste (one-way)
* bot cosmetics (a visual difference between players and NPCs)
* chat commands (type / in chat)
* players can change skin without leaving the server (again)
* live automapper and complete rules for 0.7 tilesets
* audio toggling HUD
* an Easter surprise...
* new gametypes: 'last man standing' (LMS) and 'last team standing'
(LTS). survive by your own or as a team with limited weaponry
* 64 players support. official gametypes are still restricted to 16
players maximum but allow more spectators
* new skin system. build your own skins based on a variety of
provided parts
* enhanced security. all communications require a handshake and use
a token to counter spoofing and reflection attacks
* new maps: ctf8, dm3, lms1. Click to discover them!
* animated background menu map: jungle, heavens (day/night themes,
customisable in the map editor)
* new design for the menus: added start menus, reworked server
browser, settings
* customisable gametype icons (browser). make your own!
* chat overhaul, whispers (private messages)
* composed binds (ctrl+, shift+, alt+)
* scoreboard remodelled, now shows kills/deaths
* demo markers
* master server list cache (in case the masters are unreachable)
* input separated from rendering (optimisation)
* upgrade to SDL2. support for multiple monitors, non-english
keyboards, and more
* broadcasts overhaul, optional colours support
* ready system, for competitive settings
* server difficulty setting (casual, competitive, normal), shown in
the browser
* spectator mode improvements: follow flags, click on players
* bot flags for modified servers: indicate NPCs, can be filtered out
in the server browser
* sharper graphics all around (no more tileset_borderfix and dilate)
* refreshed the HUD, ninja cooldown, new mouse cursor
* mapres update (higher resolution, fixes...)
Patchnames
openSUSE-2019-1793
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for teeworlds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for teeworlds fixes the following issues:\n\n- CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have lead to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. (boo#1131729)\n- CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.\n- CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a buffer overflow, because multiplication of width and height were mishandled.\n- CVE-2018-18541: Connection packets could have been forged. There was no challenge-response involved in the connection build up. A remote attacker could have sent connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. (boo#1112910)\n\n- Update to version 0.7.3.1\n * Colorful gametype and level icons in the browser instead of\n grayscale.\n * Add an option to use raw mouse inputs, revert to (0.6) relative\n mode by default.\n * Demo list marker indicator.\n * Restore ingame Player and Tee menus, add a warning that a\n reconnect is needed.\n * Emotes can now be cancelled by releasing the mouse in the\n middle of the circle.\n * Improve add friend text.\n * Add a confirmation for removing a filter\n * Add a \u0027click a player to follow\u0027 hint\n * Also hint players which key they should press to set themselves\n ready.\n * fixed using correct array measurements when placing egg doodads\n * fixed demo recorder downloaded maps using the sha256 hash\n * show correct game release version in the start menu and console\n * Fix platform-specific client libraries for Linux\n * advanced scoreboard with game statistics\n * joystick support (experimental!)\n * copy paste (one-way)\n * bot cosmetics (a visual difference between players and NPCs)\n * chat commands (type / in chat)\n * players can change skin without leaving the server (again)\n * live automapper and complete rules for 0.7 tilesets\n * audio toggling HUD\n * an Easter surprise...\n * new gametypes: \u0027last man standing\u0027 (LMS) and \u0027last team standing\u0027\n (LTS). survive by your own or as a team with limited weaponry\n * 64 players support. official gametypes are still restricted to 16\n players maximum but allow more spectators\n * new skin system. build your own skins based on a variety of\n provided parts\n * enhanced security. all communications require a handshake and use\n a token to counter spoofing and reflection attacks\n * new maps: ctf8, dm3, lms1. Click to discover them!\n * animated background menu map: jungle, heavens (day/night themes,\n customisable in the map editor)\n * new design for the menus: added start menus, reworked server\n browser, settings\n * customisable gametype icons (browser). make your own!\n * chat overhaul, whispers (private messages)\n * composed binds (ctrl+, shift+, alt+)\n * scoreboard remodelled, now shows kills/deaths\n * demo markers\n * master server list cache (in case the masters are unreachable)\n * input separated from rendering (optimisation)\n * upgrade to SDL2. support for multiple monitors, non-english\n keyboards, and more\n * broadcasts overhaul, optional colours support\n * ready system, for competitive settings\n * server difficulty setting (casual, competitive, normal), shown in\n the browser\n * spectator mode improvements: follow flags, click on players\n * bot flags for modified servers: indicate NPCs, can be filtered out\n in the server browser\n * sharper graphics all around (no more tileset_borderfix and dilate)\n * refreshed the HUD, ninja cooldown, new mouse cursor\n * mapres update (higher resolution, fixes...)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1793",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1793-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1793-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV/#CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1793-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV/#CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV"
},
{
"category": "self",
"summary": "SUSE Bug 1112910",
"url": "https://bugzilla.suse.com/1112910"
},
{
"category": "self",
"summary": "SUSE Bug 1131729",
"url": "https://bugzilla.suse.com/1131729"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18541 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10877 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10878 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10879 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10879/"
}
],
"title": "Security update for teeworlds",
"tracking": {
"current_release_date": "2019-07-23T11:22:31Z",
"generator": {
"date": "2019-07-23T11:22:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1793-1",
"initial_release_date": "2019-07-23T11:22:31Z",
"revision_history": [
{
"date": "2019-07-23T11:22:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "teeworlds-0.7.3.1-lp151.2.3.1.x86_64",
"product": {
"name": "teeworlds-0.7.3.1-lp151.2.3.1.x86_64",
"product_id": "teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "teeworlds-0.7.3.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
},
"product_reference": "teeworlds-0.7.3.1-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-18541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18541"
}
],
"notes": [
{
"category": "general",
"text": "In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18541",
"url": "https://www.suse.com/security/cve/CVE-2018-18541"
},
{
"category": "external",
"summary": "SUSE Bug 1112910 for CVE-2018-18541",
"url": "https://bugzilla.suse.com/1112910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-23T11:22:31Z",
"details": "important"
}
],
"title": "CVE-2018-18541"
},
{
"cve": "CVE-2019-10877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10877"
}
],
"notes": [
{
"category": "general",
"text": "In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10877",
"url": "https://www.suse.com/security/cve/CVE-2019-10877"
},
{
"category": "external",
"summary": "SUSE Bug 1131731 for CVE-2019-10877",
"url": "https://bugzilla.suse.com/1131731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-23T11:22:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-10877"
},
{
"cve": "CVE-2019-10878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10878"
}
],
"notes": [
{
"category": "general",
"text": "In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10878",
"url": "https://www.suse.com/security/cve/CVE-2019-10878"
},
{
"category": "external",
"summary": "SUSE Bug 1131730 for CVE-2019-10878",
"url": "https://bugzilla.suse.com/1131730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-23T11:22:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-10878"
},
{
"cve": "CVE-2019-10879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10879"
}
],
"notes": [
{
"category": "general",
"text": "In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10879",
"url": "https://www.suse.com/security/cve/CVE-2019-10879"
},
{
"category": "external",
"summary": "SUSE Bug 1131729 for CVE-2019-10879",
"url": "https://bugzilla.suse.com/1131729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-23T11:22:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-10879"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…