Ispravljena su tri sigurnosna propusta otkrivena u programskom paketu Tremulous. Spomenute nedostatke udaljeni napadač mogao je iskoristiti za izvođenje DoS napada ili pokretanje zlonamjernog programskog koda.
Paket:
tremulous 1.x
Operacijski sustavi:
Fedora 16, Fedora 17
Kritičnost:
10
Problem:
pogreška u programskoj funkciji, pogreška u programskoj komponenti
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5371
2012-04-05 18:20:25
--------------------------------------------------------------------------------
Name : tremulous
Product : Fedora 17
Version : 1.2.0
Release : 0.5.beta1.fc17
URL : http://tremulous.net
Summary : First Person Shooter game based on the Quake 3 engine
Description :
Tremulous is a free, open source game that blends a team based FPS with elements
of an RTS. Players can choose from 2 unique races, aliens and humans.
Players on both teams are able to build working structures in-game like an RTS.
These structures provide many functions, the most important being spawning.
The designated builders must ensure there are spawn structures or other players
will not be able to rejoin the game after death. Other structures provide
automated base defense (to some degree), healing functions and much more...
Player advancement is different depending on which team you are on.
As a human, players are rewarded with credits for each alien kill.
These credits may be used to purchase new weapons and upgrades from the Armoury
The alien team advances quite differently. Upon killing a human foe,
the alien is able to evolve into a new class. The more kills gained the more
powerful the classes available.
The overall objective behind Tremulous is to eliminate the opposing team.
This is achieved by not only killing the opposing players but also
removing their ability to respawn by destroying their spawn structures.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2010-5077.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #806898 - CVE-2010-5077 quake3: DDoS via getstatus and rcon requests
https://bugzilla.redhat.com/show_bug.cgi?id=806898
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tremulous' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5434
2012-04-06 20:57:25
--------------------------------------------------------------------------------
Name : tremulous
Product : Fedora 16
Version : 1.2.0
Release : 0.5.beta1.fc16
URL : http://tremulous.net
Summary : First Person Shooter game based on the Quake 3 engine
Description :
Tremulous is a free, open source game that blends a team based FPS with elements
of an RTS. Players can choose from 2 unique races, aliens and humans.
Players on both teams are able to build working structures in-game like an RTS.
These structures provide many functions, the most important being spawning.
The designated builders must ensure there are spawn structures or other players
will not be able to rejoin the game after death. Other structures provide
automated base defense (to some degree), healing functions and much more...
Player advancement is different depending on which team you are on.
As a human, players are rewarded with credits for each alien kill.
These credits may be used to purchase new weapons and upgrades from the Armoury
The alien team advances quite differently. Upon killing a human foe,
the alien is able to evolve into a new class. The more kills gained the more
powerful the classes available.
The overall objective behind Tremulous is to eliminate the opposing team.
This is achieved by not only killing the opposing players but also
removing their ability to respawn by destroying their spawn structures.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2010-5077.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 27 2012 Jan Kaluza <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.0-0.5.beta1
- fix #806980 - fixed CVE-2010-5077
* Thu Feb 23 2012 Jan Kaluza <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.2.0-0.4.beta1
- fix #796362 - fixed CVE-2011-2764 and CVE-2011-3012
* Sat Jan 14 2012 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1.2.0-0.3.beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #806898 - CVE-2010-5077 quake3: DDoS via getstatus and rcon requests
https://bugzilla.redhat.com/show_bug.cgi?id=806898
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tremulous' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke