Security update for teeworlds SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1999-1 Final 1 1 2019-08-24T10:20:03Z current 2019-08-24T10:20:03Z 2019-08-24T10:20:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for teeworlds This update for teeworlds fixes the following issues: - CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have lead to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. (boo#1131729) - CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. - CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a buffer overflow, because multiplication of width and height were mishandled. - CVE-2018-18541: Connection packets could have been forged. There was no challenge-response involved in the connection build up. A remote attacker could have sent connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. (boo#1112910) - Update to version 0.7.3.1 * Colorful gametype and level icons in the browser instead of grayscale. * Add an option to use raw mouse inputs, revert to (0.6) relative mode by default. * Demo list marker indicator. * Restore ingame Player and Tee menus, add a warning that a reconnect is needed. * Emotes can now be cancelled by releasing the mouse in the middle of the circle. * Improve add friend text. * Add a confirmation for removing a filter * Add a 'click a player to follow' hint * Also hint players which key they should press to set themselves ready. * fixed using correct array measurements when placing egg doodads * fixed demo recorder downloaded maps using the sha256 hash * show correct game release version in the start menu and console * Fix platform-specific client libraries for Linux * advanced scoreboard with game statistics * joystick support (experimental!) * copy paste (one-way) * bot cosmetics (a visual difference between players and NPCs) * chat commands (type / in chat) * players can change skin without leaving the server (again) * live automapper and complete rules for 0.7 tilesets * audio toggling HUD * an Easter surprise... * new gametypes: 'last man standing' (LMS) and 'last team standing' (LTS). survive by your own or as a team with limited weaponry * 64 players support. official gametypes are still restricted to 16 players maximum but allow more spectators * new skin system. build your own skins based on a variety of provided parts * enhanced security. all communications require a handshake and use a token to counter spoofing and reflection attacks * new maps: ctf8, dm3, lms1. Click to discover them! * animated background menu map: jungle, heavens (day/night themes, customisable in the map editor) * new design for the menus: added start menus, reworked server browser, settings * customisable gametype icons (browser). make your own! * chat overhaul, whispers (private messages) * composed binds (ctrl+, shift+, alt+) * scoreboard remodelled, now shows kills/deaths * demo markers * master server list cache (in case the masters are unreachable) * input separated from rendering (optimisation) * upgrade to SDL2. support for multiple monitors, non-english keyboards, and more * broadcasts overhaul, optional colours support * ready system, for competitive settings * server difficulty setting (casual, competitive, normal), shown in the browser * spectator mode improvements: follow flags, click on players * bot flags for modified servers: indicate NPCs, can be filtered out in the server browser * sharper graphics all around (no more tileset_borderfix and dilate) * refreshed the HUD, ninja cooldown, new mouse cursor * mapres update (higher resolution, fixes...) This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1999 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html E-Mail link for openSUSE-SU-2019:1999-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1112910 SUSE Bug 1112910 https://bugzilla.suse.com/1131729 SUSE Bug 1131729 https://www.suse.com/security/cve/CVE-2018-18541/ SUSE CVE CVE-2018-18541 page https://www.suse.com/security/cve/CVE-2019-10877/ SUSE CVE CVE-2019-10877 page https://www.suse.com/security/cve/CVE-2019-10878/ SUSE CVE CVE-2019-10878 page https://www.suse.com/security/cve/CVE-2019-10879/ SUSE CVE CVE-2019-10879 page SUSE Package Hub 15 SP1 teeworlds-0.7.3.1-bp151.2.3.3 teeworlds-0.7.3.1-bp151.2.3.3 as a component of SUSE Package Hub 15 SP1 In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. CVE-2018-18541 SUSE Package Hub 15 SP1:teeworlds-0.7.3.1-bp151.2.3.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://www.suse.com/security/cve/CVE-2018-18541.html CVE-2018-18541 https://bugzilla.suse.com/1112910 SUSE Bug 1112910 In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. CVE-2019-10877 SUSE Package Hub 15 SP1:teeworlds-0.7.3.1-bp151.2.3.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://www.suse.com/security/cve/CVE-2019-10877.html CVE-2019-10877 https://bugzilla.suse.com/1131731 SUSE Bug 1131731 In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. CVE-2019-10878 SUSE Package Hub 15 SP1:teeworlds-0.7.3.1-bp151.2.3.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://www.suse.com/security/cve/CVE-2019-10878.html CVE-2019-10878 https://bugzilla.suse.com/1131730 SUSE Bug 1131730 In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. CVE-2019-10879 SUSE Package Hub 15 SP1:teeworlds-0.7.3.1-bp151.2.3.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00077.html https://www.suse.com/security/cve/CVE-2019-10879.html CVE-2019-10879 https://bugzilla.suse.com/1131729 SUSE Bug 1131729