blob: ac11b90de0a20f9146e5d2fab2eed5cd0333ce86 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200509-03">
<title>OpenTTD: Format string vulnerabilities</title>
OpenTTD is vulnerable to format string vulnerabilities which may result in
remote execution of arbitrary code.
<product type="ebuild">openttd</product>
<announced>September 05, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="games-simulation/openttd" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
OpenTTD is an open source clone of the simulation game "Transport
Tycoon Deluxe" by Microprose.
Alexey Dobriyan discovered several format string vulnerabilities in
<impact type="high">
A remote attacker could exploit these vulnerabilities to crash the
OpenTTD server or client and possibly execute arbitrary code with the
rights of the user running OpenTTD.
There are no known workarounds at this time.
All OpenTTD users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=games-simulation/openttd-;</code>
<uri link="">CAN-2005-2763</uri>
<uri link="">CVE-2005-2764</uri>
<metadata tag="requester" timestamp="Thu, 01 Sep 2005 05:03:56 +0000">
<metadata tag="bugReady" timestamp="Thu, 01 Sep 2005 08:12:01 +0000">
<metadata tag="submitter" timestamp="Sun, 04 Sep 2005 15:43:14 +0000">