OpenTTD: Multiple vulnerabilities — GLSA 201111-03

Multiple vulnerabilities were found in OpenTTD which could lead to execution of arbitrary code, a Denial of Service, or privilege escalation.

Affected Packages

games-simulation/openttd on all architectures
Affected versions < 1.1.3
Unaffected versions >= 1.1.3

Background

OpenTTD is a clone of Transport Tycoon Deluxe.

Description

Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause a Denial of Service. Local users could cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All OpenTTD users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-simulation/openttd-1.1.3"
 

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 27, 2011. It is likely that your system is already no longer affected by this issue.

References

Release Date
November 11, 2011

Latest Revision
November 11, 2011: 2

Severity
high

Exploitable
local, remote

Bugzilla entries