blob: d1f00e3a0628bf916675fa712c6a62fdfcad3db1 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200711-20">
<title>Pioneers: Multiple Denials of Service</title>
Two Denial of Service vulnerabilities were discovered in Pioneers.
<product type="ebuild">pioneers</product>
<announced>November 14, 2007</announced>
<revised>November 29, 2007: 04</revised>
<package name="games-board/pioneers" auto="yes" arch="*">
<unaffected range="ge">0.11.3-r1</unaffected>
<vulnerable range="lt">0.11.3-r1</vulnerable>
Pioneers (formerly gnocatan) is a clone of the popular board game "The
Settlers of Catan".
Roland Clobus discovered that the Pioneers server may free sessions
objects while they are still in use, resulting in access to invalid
memory zones (CVE-2007-5933). Bas Wijnen discovered an error when
closing connections which can lead to a failed assertion
<impact type="normal">
A remote attacker could send specially crafted data to the vulnerable
server, resulting in a Denial of Service.
There is no known workaround at this time.
All Pioneers users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=games-board/pioneers-0.11.3-r1&quot;</code>
<uri link="">CVE-2007-5933</uri>
<uri link="">CVE-2007-6010</uri>
<metadata tag="requester" timestamp="Sun, 11 Nov 2007 15:28:52 +0000">
<metadata tag="bugReady" timestamp="Tue, 13 Nov 2007 22:49:53 +0000">
<metadata tag="submitter" timestamp="Tue, 13 Nov 2007 23:00:46 +0000">