Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2019:1793-1
HistoryJul 23, 2019 - 12:00 a.m.

Security update for teeworlds (moderate)

2019-07-2300:00:00
lists.opensuse.org
73

0.055 Low

EPSS

Percentile

93.2%

JSON

An update that fixes four vulnerabilities is now available.

Description:

This update for teeworlds fixes the following issues:

  • CVE-2019-10879: An integer overflow in CDataFileReader::Open() could
    have lead to a buffer overflow and possibly remote code execution,
    because size-related multiplications were mishandled. (boo#1131729)

  • CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and
    CDataFileReader::ReplaceData() and related functions could have lead to
    an arbitrary free and out-of-bounds pointer write, possibly resulting in
    remote code execution.

  • CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a
    buffer overflow, because multiplication of width and height were
    mishandled.

  • CVE-2018-18541: Connection packets could have been forged. There was no
    challenge-response involved in the connection build up. A remote
    attacker could have sent connection packets from a spoofed IP address
    and occupy all server slots, or even use them for a reflection attack
    using map download packets. (boo#1112910)

  • Update to version 0.7.3.1

    • Colorful gametype and level icons in the browser instead of grayscale.
    • Add an option to use raw mouse inputs, revert to (0.6) relative mode
      by default.
    • Demo list marker indicator.
    • Restore ingame Player and Tee menus, add a warning that a reconnect is
      needed.
    • Emotes can now be cancelled by releasing the mouse in the middle of
      the circle.
    • Improve add friend text.
    • Add a confirmation for removing a filter
    • Add a “click a player to follow” hint
    • Also hint players which key they should press to set themselves ready.
    • fixed using correct array measurements when placing egg doodads
    • fixed demo recorder downloaded maps using the sha256 hash
    • show correct game release version in the start menu and console
    • Fix platform-specific client libraries for Linux
    • advanced scoreboard with game statistics
    • joystick support (experimental!)
    • copy paste (one-way)
    • bot cosmetics (a visual difference between players and NPCs)
    • chat commands (type / in chat)
    • players can change skin without leaving the server (again)
    • live automapper and complete rules for 0.7 tilesets
    • audio toggling HUD
    • an Easter surprise…
    • new gametypes: “last man standing” (LMS) and “last team standing”
      (LTS). survive by your own or as a team with limited weaponry
    • 64 players support. official gametypes are still restricted to 16
      players maximum but allow more spectators
    • new skin system. build your own skins based on a variety of provided
      parts
    • enhanced security. all communications require a handshake and use a
      token to counter spoofing and reflection attacks
    • new maps: ctf8, dm3, lms1. Click to discover them!
    • animated background menu map: jungle, heavens (day/night themes,
      customisable in the map editor)
    • new design for the menus: added start menus, reworked server browser,
      settings
    • customisable gametype icons (browser). make your own!
    • chat overhaul, whispers (private messages)
    • composed binds (ctrl+, shift+, alt+)
    • scoreboard remodelled, now shows kills/deaths
    • demo markers
    • master server list cache (in case the masters are unreachable)
    • input separated from rendering (optimisation)
    • upgrade to SDL2. support for multiple monitors, non-english keyboards,
      and more
    • broadcasts overhaul, optional colours support
    • ready system, for competitive settings
    • server difficulty setting (casual, competitive, normal), shown in the
      browser
    • spectator mode improvements: follow flags, click on players
    • bot flags for modified servers: indicate NPCs, can be filtered out in
      the server browser
    • sharper graphics all around (no more tileset_borderfix and dilate)
    • refreshed the HUD, ninja cooldown, new mouse cursor
    • mapres update (higher resolution, fixes…)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2019-1793=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.1x86_64< - openSUSE Leap 15.1 (x86_64):- openSUSE Leap 15.1 (x86_64):.x86_64.rpm

Related

nessus 6
openvas 7
suse 1
fedora 4
mageia 1
cve 4
redhatcve 1
prion 4
osv 5
cvelist 4
debian 1
ubuntucve 4
debiancve 4
nvd 4
veracode 3
nessus
nessus
openSUSE Security Update : teeworlds (openSUSE-2019-1793)
2019-07-24 00:00:00
Fedora 30 : teeworlds (2019-d29e04fa11)
2019-05-08 00:00:00
Fedora 29 : teeworlds (2018-5702dc9bdf)
2019-01-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for teeworlds (openSUSE-SU-2019:1793-1)
2020-01-09 00:00:00
Fedora Update for teeworlds FEDORA-2019-d29e04fa11
2019-05-08 00:00:00
Debian: Security Advisory (DSA-4329-1)
2018-10-27 00:00:00
suse
suse
Security update for teeworlds (moderate)
2019-08-24 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: teeworlds-0.7.3.1-2.fc30
2019-05-07 16:47:05
[SECURITY] Fedora 29 Update: teeworlds-0.6.5-1.fc29
2018-10-31 16:42:15
[SECURITY] Fedora 28 Update: teeworlds-0.6.5-1.fc28
2018-10-31 15:54:04
mageia
mageia
Updated teeworlds packages fix security vulnerability
2018-11-16 01:04:32
cve
cve
CVE-2018-18541
2018-10-20 22:29:00
CVE-2019-10877
2019-04-05 06:29:00
CVE-2019-10879
2019-04-05 05:29:03
redhatcve
redhatcve
CVE-2018-18541
2022-05-20 23:22:38
prion
prion
Design/Logic Flaw
2018-10-20 22:29:00
Integer overflow
2019-04-05 05:29:00
Integer overflow
2019-04-05 06:29:00
osv
osv
CVE-2018-18541
2018-10-20 22:29:00
teeworlds - security update
2018-10-28 00:00:00
CVE-2019-10877
2019-04-05 06:29:00
cvelist
cvelist
CVE-2018-18541
2018-10-20 22:00:00
CVE-2019-10877
2019-04-05 04:31:14
CVE-2019-10879
2019-04-05 04:31:49
debian
debian
[SECURITY] [DSA 4329-1] teeworlds security update
2018-10-28 18:51:40
ubuntucve
ubuntucve
CVE-2018-18541
2018-10-20 00:00:00
CVE-2019-10877
2019-04-05 00:00:00
CVE-2019-10879
2019-04-05 00:00:00
debiancve
debiancve
CVE-2018-18541
2018-10-20 22:29:00
CVE-2019-10877
2019-04-05 06:29:00
CVE-2019-10879
2019-04-05 05:29:03
nvd
nvd
CVE-2018-18541
2018-10-20 22:29:00
CVE-2019-10877
2019-04-05 06:29:00
CVE-2019-10879
2019-04-05 05:29:03
veracode
veracode
Remote Code Execution
2020-09-21 06:40:04
Arbitrary Code Execution
2020-09-21 06:30:38
Arbitrary Code Execution
2020-09-21 06:26:37

0.055 Low

EPSS

Percentile

93.2%

JSON
Related for OPENSUSE-SU-2019:1793-1
nessus6openvas7suse1fedora4mageia1cve4redhatcve1prion4osv5cvelist4debian1ubuntucve4debiancve4nvd4veracode3