openttd-1.6.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10563-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z openttd-1.6.1-1.1 on GA media These are all security issues fixed in the openttd-1.6.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10563 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-4168/ SUSE CVE CVE-2010-4168 page https://www.suse.com/security/cve/CVE-2012-0049/ SUSE CVE CVE-2012-0049 page https://www.suse.com/security/cve/CVE-2012-3436/ SUSE CVE CVE-2012-3436 page https://www.suse.com/security/cve/CVE-2013-6411/ SUSE CVE CVE-2013-6411 page openSUSE Tumbleweed openttd-1.6.1-1.1 openttd-data-1.6.1-1.1 openttd-dedicated-1.6.1-1.1 openttd-1.6.1-1.1 as a component of openSUSE Tumbleweed openttd-data-1.6.1-1.1 as a component of openSUSE Tumbleweed openttd-dedicated-1.6.1-1.1 as a component of openSUSE Tumbleweed Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. CVE-2010-4168 openSUSE Tumbleweed:openttd-1.6.1-1.1 openSUSE Tumbleweed:openttd-data-1.6.1-1.1 openSUSE Tumbleweed:openttd-dedicated-1.6.1-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4168.html CVE-2010-4168 OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. CVE-2012-0049 openSUSE Tumbleweed:openttd-1.6.1-1.1 openSUSE Tumbleweed:openttd-data-1.6.1-1.1 openSUSE Tumbleweed:openttd-dedicated-1.6.1-1.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0049.html CVE-2012-0049 OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half." CVE-2012-3436 openSUSE Tumbleweed:openttd-1.6.1-1.1 openSUSE Tumbleweed:openttd-data-1.6.1-1.1 openSUSE Tumbleweed:openttd-dedicated-1.6.1-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3436.html CVE-2012-3436 https://bugzilla.suse.com/775023 SUSE Bug 775023 The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map. CVE-2013-6411 openSUSE Tumbleweed:openttd-1.6.1-1.1 openSUSE Tumbleweed:openttd-data-1.6.1-1.1 openSUSE Tumbleweed:openttd-dedicated-1.6.1-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6411.html CVE-2013-6411 https://bugzilla.suse.com/853041 SUSE Bug 853041