ESB-2018.3304 - [Win][Linux][BSD][Debian][OSX] teeworlds: Denial of service - Remote/unauthenticated 2018-10-29

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3304
                         teeworlds security update
                              29 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           teeworlds
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Windows
                   OS X
                   Linux variants
                   BSD variants
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-18541  

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4329

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running teeworlds check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4329-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 28, 2018                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : teeworlds
CVE ID         : CVE-2018-18541

It was discovered that incorrect connection setup in the server for
Teeworlds, an online multi-player platform 2D shooter, could result in
denial of service via forged connection packets (rendering all game
server slots occupied).

For the stable distribution (stretch), this problem has been fixed in
version 0.6.5+dfsg-1~deb9u1.

We recommend that you upgrade your teeworlds packages.

For the detailed security status of teeworlds please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/teeworlds

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvWBG4ACgkQEMKTtsN8
Tjapmg//dGRqu1c3au/lPkykbwjTivLMpBiiPFpN6t6xc3OxV/2Bi5K5jwOq1oGP
sUpBMokeQpfkvt4wjd/681NvKNk4mNdbG8CibJEiAmxs52XxgpON85qWy/+B3MGE
ZSLjH4vHjij2WipGN7Ygc7A2p0AUuw4KuhPfZ07kFm+3RBOPHuGaH7CSUkvL1nj0
tRJf4YdGS3CgVQ0sNQj08DwUt9i2xlGg6HNWmXFxRmJrDlW52rBwPjKHE9SuFkKB
PNAjALaExFsEJqfMxhiFWIXyIW5StoX/3JlzVUqa+ozVEkLlB29xz894BTBzARh6
hJNB5kjwj31ZpnXocKzcUkQtuz4DaufOX2udRvimjALfnW3mH9h+5BuTmlLnUJDf
wM8TgnM4oH6R3YHYGrXnvfNHgVjuC3aytikw2xMhVwqINzLhM5bnFVW/MIfLuwbb
l6FR/niG6TYmNgmLpwFWBNxVYgUazRy2NmUyCwVyI5H66T9LyDl5Qq5SPyo5xipR
Yq1mFjPPFBn7IP7hDOyfKVSApzy3FUV5MvJrWRv/JXEGhZSychwDzkDnVAxsyUr9
arnA3bu3o3qbyph7zB+vSd6BHAigjtnCKV0qMpuU781kRtC/LQNT/AQyAALhiiLs
5/cbsKxQtd/2gMveGtKq/kCCb45GNfHl2fMPWJrvVdijkk+npp0=
=G/88
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW9ZQS2aOgq3Tt24GAQi+vhAAwEGMiNfGLhDYCVqSXCasp48o/Ic0dt1N
D9jT947FVoVH8IjT/igR0hLnoch8j8wm0pZFrERZyYaVMFfm/2Ud9t2HDgG8DbMt
WA2dx6m7Sm/vqhymTWJdgGkMDmY3nq3gSo0EFwVq3qUmTjNISrtw/FQWMc8BCFFo
6igC5is23qHj0XNV8wOflC9miGndLZq2hdo6SFx5NVfYfWFyqixKgx+b9GmlbtQV
/cZpql4GMPf17n3DUvz5yfqqifKYW5353sQ6A+NqVtbNVAGM3JrUGStGONPS1M2Y
tICnpG+BFWKYzy7waWU8YioGvTsFKpQck3vkpJajK6FmW1+vFP0OKEn0bEeCBBMq
HLNNCxwJNzuZDDz3mafBARayv819aMky8srE24K3b3Slx6CNmq0cnORR1gTlUqlW
IcCaKg+6zPw0Fddb/tC3mgwm2qswooxarO3q2ReohppOPMB4SvcftV9RSnezQgSm
VU6vQj+Zf8g4XZkH9RNs+Nadjb+wRB918xMrv4NPVZ+IX8NQo0pImA2jBZiCpG0x
aUv10S8ngUSX/JaL7EPotblVv60akC5mcMPms4rEJCClES5ILVo5xHxH9AkaMYRv
cqarr2H0aHOlfnY818hXbqt3FVUk8uFLZqe+GE9YdgVs9Lc2guXS4GvmM4VjI2if
5p5EMFxYSQc=
=6rPy
-----END PGP SIGNATURE-----

« Back to bulletins