Advisories » MGASA-2013-0363

Updated openttd package fixes security vulnerability

Publication date: 06 Dec 2013
Modification date: 06 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6411

Description

A missing validation in OpenTTD before 1.3.3 allows remote attackers to
cause a denial of service (crash) by forcefully crashing aircraft near the
corner of the map. This triggers a corner case where data outside of the
allocated map array is accessed (CVE-2013-6411).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11852
• http://openwall.com/lists/oss-security/2013/11/28/17
• http://security.openttd.org/en/CVE-2013-6411
• http://gb.binaries.openttd.org/binaries/releases/1.3.3/changelog.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6411

SRPMS

3/core

• openttd-1.3.3-1.mga3