openSUSE Security Update: Security update for teeworlds ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1999-1 Rating: moderate References: #1112910 #1131729 Cross-References: CVE-2018-18541 CVE-2019-10877 CVE-2019-10878 CVE-2019-10879 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for teeworlds fixes the following issues: - CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have lead to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. (boo#1131729) - CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. - CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a buffer overflow, because multiplication of width and height were mishandled. - CVE-2018-18541: Connection packets could have been forged. There was no challenge-response involved in the connection build up. A remote attacker could have sent connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. (boo#1112910) - Update to version 0.7.3.1 * Colorful gametype and level icons in the browser instead of grayscale. * Add an option to use raw mouse inputs, revert to (0.6) relative mode by default. * Demo list marker indicator. * Restore ingame Player and Tee menus, add a warning that a reconnect is needed. * Emotes can now be cancelled by releasing the mouse in the middle of the circle. * Improve add friend text. * Add a confirmation for removing a filter * Add a "click a player to follow" hint * Also hint players which key they should press to set themselves ready. * fixed using correct array measurements when placing egg doodads * fixed demo recorder downloaded maps using the sha256 hash * show correct game release version in the start menu and console * Fix platform-specific client libraries for Linux * advanced scoreboard with game statistics * joystick support (experimental!) * copy paste (one-way) * bot cosmetics (a visual difference between players and NPCs) * chat commands (type / in chat) * players can change skin without leaving the server (again) * live automapper and complete rules for 0.7 tilesets * audio toggling HUD * an Easter surprise... * new gametypes: "last man standing" (LMS) and "last team standing" (LTS). survive by your own or as a team with limited weaponry * 64 players support. official gametypes are still restricted to 16 players maximum but allow more spectators * new skin system. build your own skins based on a variety of provided parts * enhanced security. all communications require a handshake and use a token to counter spoofing and reflection attacks * new maps: ctf8, dm3, lms1. Click to discover them! * animated background menu map: jungle, heavens (day/night themes, customisable in the map editor) * new design for the menus: added start menus, reworked server browser, settings * customisable gametype icons (browser). make your own! * chat overhaul, whispers (private messages) * composed binds (ctrl+, shift+, alt+) * scoreboard remodelled, now shows kills/deaths * demo markers * master server list cache (in case the masters are unreachable) * input separated from rendering (optimisation) * upgrade to SDL2. support for multiple monitors, non-english keyboards, and more * broadcasts overhaul, optional colours support * ready system, for competitive settings * server difficulty setting (casual, competitive, normal), shown in the browser * spectator mode improvements: follow flags, click on players * bot flags for modified servers: indicate NPCs, can be filtered out in the server browser * sharper graphics all around (no more tileset_borderfix and dilate) * refreshed the HUD, ninja cooldown, new mouse cursor * mapres update (higher resolution, fixes...) This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-1999=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le x86_64): teeworlds-0.7.3.1-bp151.2.3.3 References: https://www.suse.com/security/cve/CVE-2018-18541.html https://www.suse.com/security/cve/CVE-2019-10877.html https://www.suse.com/security/cve/CVE-2019-10878.html https://www.suse.com/security/cve/CVE-2019-10879.html https://bugzilla.suse.com/1112910 https://bugzilla.suse.com/1131729