*** This bug is a security vulnerability ***
Public security bug reported:
Please consider syncing tremulous/1.1.0-8 from Debian unstable into all
supported Ubuntu versions. It fixes:
- CVE-2006-2082: arbitrary file download from server by a malicious client
(Closes: #660831)
- CVE-2006-2236 ("the remapShader exploit"): missing bounds-checking on
COM_StripExtension, exploitable in clients of a malicious server
(Closes: #660827)
- CVE-2006-2875 ("q3cbof"): buffer overflow in CL_ParseDownload by a
malicious server (Closes: #660830)
- CVE-2006-3324: arbitrary file overwriting in clients of a malicious
server (Closes: #660832)
- CVE-2006-3325: arbitrary cvar overwriting (could lead to arbitrary
code execution) in clients of a malicious server (Closes: #660834)
- CVE-2011-3012, CVE-2011-2764: DLL overwriting (leading to arbitrary
code execution) in clients of a malicious server if auto-downloading
is enabled (Closes: #660836)
- a potential buffer overflow in error
handling (not known to be exploitable, but it can't hurt)
- non-literal format strings (again, none are known to be
exploitable)
- CVE-2010-5077, use of Tremulous servers by third parties to perform
reflected DoS attacks
It also disables auto-downloading to mitigate any future security
vulnerabilities.
** Affects: tremulous (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/970819
Title:
multiple security vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tremulous/+bug/970819/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
