From Mageia wiki
Jump to: navigation, search

MGASA-2012-0148

Date: July 9th, 2012
Affected releases: 1


Description:
Updated tremulous package fixes security vulnerabilities:

It has been discovered that spoofed "getstatus" UDP requests are being
sent by attackers to servers for use with games derived from the
Quake 3 engine (such as openarena). These servers respond with a
packet flood to the victim whose IP address was impersonated by the
attackers, causing a denial of service (CVE-2010-5077).

The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the
ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin'
Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly
determine dangerous file extensions, which allows remote attackers to
execute arbitrary code via a crafted third-party addon that creates a
Trojan horse DLL file (CVE-2011-2764).

The ioQuake3 engine, as used in World of Padman 1.2 and earlier,
Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for
dangerous file extensions before writing to the quake3 directory,
which allows remote attackers to execute arbitrary code via a crafted
third-party addon that creates a Trojan horse DLL file (CVE-2011-3012).


Updated Packages:
tremulous-1.2.0-0.beta1.1.2.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3012
http://www.debian.org/security/2012/dsa-2442
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078387.html
https://bugs.mageia.org/show_bug.cgi?id=6565