Joined: 12 May 2004
|Posted: Thu Nov 15, 2007 12:26 am Post subject: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service
|Gentoo Linux Security Advisory
Title: Pioneers: Multiple Denials of Service (GLSA 200711-20)
Date: November 14, 2007
Updated: November 29, 2007
Two Denial of Service vulnerabilities were discovered in Pioneers.
Pioneers (formerly gnocatan) is a clone of the popular board game "The
Settlers of Catan".
Vulnerable: < 0.11.3-r1
Unaffected: >= 0.11.3-r1
Architectures: All supported architectures
Roland Clobus discovered that the Pioneers server may free sessions
objects while they are still in use, resulting in access to invalid
memory zones (CVE-2007-5933). Bas Wijnen discovered an error when
closing connections which can lead to a failed assertion
A remote attacker could send specially crafted data to the vulnerable
server, resulting in a Denial of Service.
There is no known workaround at this time.
All Pioneers users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=games-board/pioneers-0.11.3-r1"
Last edited by GLSA on Wed May 23, 2012 4:24 am; edited 3 times in total