Otkrivena su dva nova sigurnosna propusta u radu programskog paketa tremulous. Udaljeni ih napadač može iskoristiti za proizvoljno izvršavanje programskog koda.
Paket:
tremulous 1.x
Operacijski sustavi:
Fedora 15, Fedora 16
Kritičnost:
10
Problem:
pogreška u programskoj funkciji, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2764, CVE-2011-3012
Izvorni ID preporuke:
FEDORA-2012-2419
Izvor:
Fedora
Problem:
Sigurnosna ranjivosti su posljedica pogreške u funkciji "FS_CheckFilenameIsNotExecutable" i komponenti "ioQuake3".
Posljedica:
Udaljeni napadač navedene ranjivosti može iskoristiti za pokretanje proizvoljnog programskog koda.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2419
2012-02-25 07:55:27
--------------------------------------------------------------------------------
Name : tremulous
Product : Fedora 16
Version : 1.2.0
Release : 0.4.beta1.fc16
URL : http://tremulous.net
Summary : First Person Shooter game based on the Quake 3 engine
Description :
Tremulous is a free, open source game that blends a team based FPS with elements
of an RTS. Players can choose from 2 unique races, aliens and humans.
Players on both teams are able to build working structures in-game like an RTS.
These structures provide many functions, the most important being spawning.
The designated builders must ensure there are spawn structures or other players
will not be able to rejoin the game after death. Other structures provide
automated base defense (to some degree), healing functions and much more...
Player advancement is different depending on which team you are on.
As a human, players are rewarded with credits for each alien kill.
These credits may be used to purchase new weapons and upgrades from the Armoury
The alien team advances quite differently. Upon killing a human foe,
the alien is able to evolve into a new class. The more kills gained the more
powerful the classes available.
The overall objective behind Tremulous is to eliminate the opposing team.
This is achieved by not only killing the opposing players but also
removing their ability to respawn by destroying their spawn structures.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2011-2764
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 23 2012 Jan Kaluza <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.0-0.4.beta1
- fix #796362 - fixed CVE-2011-2764 and CVE-2011-3012
* Sat Jan 14 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.2.0-0.3.beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #796362 - multiple flaws in current version of tremulous
https://bugzilla.redhat.com/show_bug.cgi?id=796362
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tremulous' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2405
2012-02-25 07:54:38
--------------------------------------------------------------------------------
Name : tremulous
Product : Fedora 15
Version : 1.2.0
Release : 0.4.beta1.fc15
URL : http://tremulous.net
Summary : First Person Shooter game based on the Quake 3 engine
Description :
Tremulous is a free, open source game that blends a team based FPS with elements
of an RTS. Players can choose from 2 unique races, aliens and humans.
Players on both teams are able to build working structures in-game like an RTS.
These structures provide many functions, the most important being spawning.
The designated builders must ensure there are spawn structures or other players
will not be able to rejoin the game after death. Other structures provide
automated base defense (to some degree), healing functions and much more...
Player advancement is different depending on which team you are on.
As a human, players are rewarded with credits for each alien kill.
These credits may be used to purchase new weapons and upgrades from the Armoury
The alien team advances quite differently. Upon killing a human foe,
the alien is able to evolve into a new class. The more kills gained the more
powerful the classes available.
The overall objective behind Tremulous is to eliminate the opposing team.
This is achieved by not only killing the opposing players but also
removing their ability to respawn by destroying their spawn structures.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2011-2764
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 23 2012 Jan Kaluza <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.0-0.4.beta1
- fix #796362 - fixed CVE-2011-2764 and CVE-2011-3012
* Sat Jan 14 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.2.0-0.3.beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #796362 - multiple flaws in current version of tremulous
https://bugzilla.redhat.com/show_bug.cgi?id=796362
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tremulous' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke