{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for teeworlds","title":"Title of the patch"},{"category":"description","text":"This update for teeworlds fixes the following issues:\n\n- CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have led to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. (boo#1131729)\n- CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have led to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.\n- CVE-2019-10877: An integer overflow in CMap::Load() could have led to a buffer overflow, because multiplication of width and height was mishandled.\n- CVE-2018-18541: Connection packets could have been forged. There was no challenge-response involved in the connection build up. A remote attacker could have sent connection packets from a spoofed IP address and occupied all server slots, or even used them for a reflection attack using map download packets. 
(boo#1112910)\n\n- Update to version 0.7.3.1\n  * Colorful gametype and level icons in the browser instead of\n    grayscale.\n  * Add an option to use raw mouse inputs, revert to (0.6) relative\n    mode by default.\n  * Demo list marker indicator.\n  * Restore ingame Player and Tee menus, add a warning that a\n    reconnect is needed.\n  * Emotes can now be cancelled by releasing the mouse in the\n    middle of the circle.\n  * Improve add friend text.\n  * Add a confirmation for removing a filter\n  * Add a 'click a player to follow' hint\n  * Also hint players which key they should press to set themselves\n    ready.\n  * fixed using correct array measurements when placing egg doodads\n  * fixed demo recorder downloaded maps using the sha256 hash\n  * show correct game release version in the start menu and console\n  * Fix platform-specific client libraries for Linux\n  * advanced scoreboard with game statistics\n  * joystick support (experimental!)\n  * copy paste (one-way)\n  * bot cosmetics (a visual difference between players and NPCs)\n  * chat commands (type / in chat)\n  * players can change skin without leaving the server (again)\n  * live automapper and complete rules for 0.7 tilesets\n  * audio toggling HUD\n  * an Easter surprise...\n  * new gametypes: 'last man standing' (LMS) and 'last team standing'\n    (LTS). survive by your own or as a team with limited weaponry\n  * 64 players support. official gametypes are still restricted to 16\n    players maximum but allow more spectators\n  * new skin system. build your own skins based on a variety of\n    provided parts\n  * enhanced security. all communications require a handshake and use\n    a token to counter spoofing and reflection attacks\n  * new maps: ctf8, dm3, lms1. 
Click to discover them!\n  * animated background menu map: jungle, heavens (day/night themes,\n    customisable in the map editor)\n  * new design for the menus: added start menus, reworked server\n    browser, settings\n  * customisable gametype icons (browser). make your own!\n  * chat overhaul, whispers (private messages)\n  * composed binds (ctrl+, shift+, alt+)\n  * scoreboard remodelled, now shows kills/deaths\n  * demo markers\n  * master server list cache (in case the masters are unreachable)\n  * input separated from rendering (optimisation)\n  * upgrade to SDL2. support for multiple monitors, non-english\n    keyboards, and more\n  * broadcasts overhaul, optional colours support\n  * ready system, for competitive settings\n  * server difficulty setting (casual, competitive, normal), shown in\n    the browser\n  * spectator mode improvements: follow flags, click on players\n  * bot flags for modified servers: indicate NPCs, can be filtered out\n    in the server browser\n  * sharper graphics all around (no more tileset_borderfix and dilate)\n  * refreshed the HUD, ninja cooldown, new mouse cursor\n  * mapres update (higher resolution, fixes...)\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2019-1793","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1793-1.json"},{"category":"self","summary":"URL for 
openSUSE-SU-2019:1793-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV/#CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2019:1793-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV/#CR2IUNRFXJC6NRJKQUUDA2UXIVJTXQQV"},{"category":"self","summary":"SUSE Bug 1112910","url":"https://bugzilla.suse.com/1112910"},{"category":"self","summary":"SUSE Bug 1131729","url":"https://bugzilla.suse.com/1131729"},{"category":"self","summary":"SUSE CVE CVE-2018-18541 page","url":"https://www.suse.com/security/cve/CVE-2018-18541/"},{"category":"self","summary":"SUSE CVE CVE-2019-10877 page","url":"https://www.suse.com/security/cve/CVE-2019-10877/"},{"category":"self","summary":"SUSE CVE CVE-2019-10878 page","url":"https://www.suse.com/security/cve/CVE-2019-10878/"},{"category":"self","summary":"SUSE CVE CVE-2019-10879 page","url":"https://www.suse.com/security/cve/CVE-2019-10879/"}],"title":"Security update for teeworlds","tracking":{"current_release_date":"2019-07-23T11:22:31Z","generator":{"date":"2019-07-23T11:22:31Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2019:1793-1","initial_release_date":"2019-07-23T11:22:31Z","revision_history":[{"date":"2019-07-23T11:22:31Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"teeworlds-0.7.3.1-lp151.2.3.1.x86_64","product":{"name":"teeworlds-0.7.3.1-lp151.2.3.1.x86_64","product_id":"teeworlds-0.7.3.1-lp151.2.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.1","product":{"name":"openSUSE Leap 15.1","product_id":"openSUSE Leap 
15.1","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"teeworlds-0.7.3.1-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"},"product_reference":"teeworlds-0.7.3.1-lp151.2.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"}]},"vulnerabilities":[{"cve":"CVE-2018-18541","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-18541"}],"notes":[{"category":"general","text":"In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-18541","url":"https://www.suse.com/security/cve/CVE-2018-18541"},{"category":"external","summary":"SUSE Bug 1112910 for CVE-2018-18541","url":"https://bugzilla.suse.com/1112910"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-07-23T11:22:31Z","details":"important"}],"title":"CVE-2018-18541"},{"cve":"CVE-2019-10877","ids":[{"system_name":"SUSE CVE 
Page","text":"https://www.suse.com/security/cve/CVE-2019-10877"}],"notes":[{"category":"general","text":"In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-10877","url":"https://www.suse.com/security/cve/CVE-2019-10877"},{"category":"external","summary":"SUSE Bug 1131731 for CVE-2019-10877","url":"https://bugzilla.suse.com/1131731"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-07-23T11:22:31Z","details":"moderate"}],"title":"CVE-2019-10877"},{"cve":"CVE-2019-10878","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-10878"}],"notes":[{"category":"general","text":"In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-10878","url":"https://www.suse.com/security/cve/CVE-2019-10878"},{"category":"external","summary":"SUSE Bug 1131730 for 
CVE-2019-10878","url":"https://bugzilla.suse.com/1131730"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-07-23T11:22:31Z","details":"moderate"}],"title":"CVE-2019-10878"},{"cve":"CVE-2019-10879","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-10879"}],"notes":[{"category":"general","text":"In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-10879","url":"https://www.suse.com/security/cve/CVE-2019-10879"},{"category":"external","summary":"SUSE Bug 1131729 for CVE-2019-10879","url":"https://bugzilla.suse.com/1131729"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["openSUSE Leap 15.1:teeworlds-0.7.3.1-lp151.2.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-07-23T11:22:31Z","details":"moderate"}],"title":"CVE-2019-10879"}]}