Security
Security
The Quake 3 engine has a vulnerability that could be exploited to execute arbitrary code.
| Package | games-fps/quake3-bin on all architectures |
|---|---|
| Affected versions | < 1.32c |
| Unaffected versions | >= 1.32c |
| Package | games-fps/rtcw on all architectures |
|---|---|
| Affected versions | < 1.41b |
| Unaffected versions | >= 1.41b |
| Package | games-fps/enemy-territory on all architectures |
|---|---|
| Affected versions | < 2.60b |
| Unaffected versions | >= 2.60b |
Quake 3 is a multiplayer first person shooter.
landser discovered a vulnerability within the "remapShader" command. Due to a boundary handling error in "remapShader", there is a possibility of a buffer overflow.
An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.
Do not connect to untrusted game servers.
All Quake 3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"
All RTCW users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"
All Enemy Territory users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"
Release date
May 10, 2006
Latest revision
May 10, 2006: 01
Severity
normal
Exploitable
remote
Bugzilla entries