diff options
author | Alec Warner <antarus@scriptkitty.com> | 2011-03-03 14:17:24 -0800 |
---|---|---|
committer | Alec Warner <antarus@scriptkitty.com> | 2011-03-03 14:17:24 -0800 |
commit | 7a6bf8effcade2d8cb9a38b299711e951d1ca44c (patch) | |
tree | b19cbd9ab942932fba6713c20410c7c5d61b1b4b /xml/htdocs/security/en/glsa/glsa-200802-02.xml | |
parent | Commit images from cvs into git. (diff) | |
download | www-redesign-7a6bf8effcade2d8cb9a38b299711e951d1ca44c.tar.gz www-redesign-7a6bf8effcade2d8cb9a38b299711e951d1ca44c.tar.bz2 www-redesign-7a6bf8effcade2d8cb9a38b299711e951d1ca44c.zip |
Add main/ proj/ rdf/ security/
Purge commited CVS dirs in images.
Don't add more CVS dirs
Diffstat (limited to 'xml/htdocs/security/en/glsa/glsa-200802-02.xml')
-rw-r--r-- | xml/htdocs/security/en/glsa/glsa-200802-02.xml | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/xml/htdocs/security/en/glsa/glsa-200802-02.xml b/xml/htdocs/security/en/glsa/glsa-200802-02.xml new file mode 100644 index 00000000..42e3df4d --- /dev/null +++ b/xml/htdocs/security/en/glsa/glsa-200802-02.xml @@ -0,0 +1,77 @@ +<?xml version="1.0" encoding="utf-8"?> +<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> +<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> + +<glsa id="200802-02"> + <title>Doomsday: Multiple vulnerabilities</title> + <synopsis> + Multiple vulnerabilities in Doomsday might allow remote execution of + arbitrary code or a Denial of Service. + </synopsis> + <product type="ebuild">doomsday</product> + <announced>February 06, 2008</announced> + <revised>February 10, 2008: 02</revised> + <bug>190835</bug> + <access>remote</access> + <affected> + <package name="games-fps/doomsday" auto="no" arch="*"> + <vulnerable range="le">1.9.0_beta52</vulnerable> + </package> + </affected> + <background> + <p> + The Doomsday Engine (deng) is a modern gaming engine for popular ID + games like Doom, Heretic and Hexen. + </p> + </background> + <description> + <p> + Luigi Auriemma discovered multiple buffer overflows in the + D_NetPlayerEvent() function, the Msg_Write() function and the + NetSv_ReadCommands() function. He also discovered errors when handling + chat messages that are not NULL-terminated (CVE-2007-4642) or contain a + short data length, triggering an integer underflow (CVE-2007-4643). + Furthermore a format string vulnerability was discovered in the + Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages + (CVE-2007-4644). + </p> + </description> + <impact type="high"> + <p> + A remote attacker could exploit these vulnerabilities to execute + arbitrary code with the rights of the user running the Doomsday server + or cause a Denial of Service by sending specially crafted messages to + the server. + </p> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + While some of these issues could be resolved in + "games-fps/doomsday-1.9.0-beta5.2", the format string vulnerability + (CVE-2007-4644) remains unfixed. We recommend that users unmerge + Doomsday: + </p> + <code> + # emerge --unmerge games-fps/doomsday</code> + </resolution> + <references> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4642">CVE-2007-4642</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4643">CVE-2007-4643</uri> + <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4644">CVE-2007-4644</uri> + </references> + <metadata tag="requester" timestamp="Thu, 06 Dec 2007 00:50:29 +0000"> + rbu + </metadata> + <metadata tag="submitter" timestamp="Wed, 12 Dec 2007 01:08:23 +0000"> + rbu + </metadata> + <metadata tag="bugReady" timestamp="Sun, 20 Jan 2008 00:41:43 +0000"> + rbu + </metadata> +</glsa> |