Source: armagetronad Version: 0.2.8.3.2-1 Severity: serious Tags: security A new version of ArmagetronAD was released a few days ago which fixes primarily possible security vulnerabilities and crashes.
>From the release notes: "The practically exploitable bug that was fixed was an error in the network error handling. In client mode, any received packet that causes an exception during processing would terminate the connection to the server. Regular game clients are usually well protected by a NAT router that would not let such packets from attackers through. Game servers are only vulnerable during the brief period while they are communicating with the master servers, and the effect then is that the server will not advertise itself. Another theoretically exploitable bug was that very short UDP packets would cause a read beyond the input buffer. The same buffer as last time, embarrasingly, but this time off the other end and with maximum offset 2." I have talked to upstream who provided a minimal patch which I intend to apply. I think it should be fixed for Jessie and Wheezy since the vulnerability is remotely exploitable. Regards, Markus -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
