blob: 594b35ceb4cd00b778292d96bc6e0622a330c95e [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200604-05">
<title>Doomsday: Format string vulnerability</title>
Format string vulnerabilities in Doomsday may lead to the execution of
arbitrary code.
<product type="ebuild">doomsday</product>
<announced>April 06, 2006</announced>
<revised>June 15, 2006: 02</revised>
<package name="games-fps/doomsday" auto="yes" arch="*">
<unaffected range="ge">1.9.0_beta4</unaffected>
<vulnerable range="le">1.9.0_beta4</vulnerable>
Doomsday is a modern gaming engine for popular ID games like Doom,
Heretic and Hexen.
Luigi Auriemma discovered that Doomsday incorrectly implements
formatted printing.
<impact type="high">
A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Doomsday server
or client by sending specially crafted strings.
There is no known workaround at this time.
All Doomsday users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=games-fps/doomsday-1.9.0_beta4&quot;</code>
<uri link="">CVE-2006-1618</uri>
<uri link="">Original advisory by Luigi Auriemma</uri>
<metadata tag="requester" timestamp="Tue, 04 Apr 2006 04:57:40 +0000">
<metadata tag="submitter" timestamp="Tue, 04 Apr 2006 10:51:26 +0000">
<metadata tag="bugReady" timestamp="Tue, 04 Apr 2006 12:10:41 +0000">