Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-202308-12 Critical: Urban Terror Security Flaw Detected

gentoo
Calendar Grey June 22, 2017
Dist Gentoo Esm H88
City Clash encounters serious vulnerabilities enabling unauthorized code execution; prompt updates recommended to reduce threats and strengthen defenses.
Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code.

Summary

Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo remote execution multiple issues normal severity urban terror

Resolution

All Urban Terror users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=games-fps/urbanterror-4.3.2_p20170426"

References

[ 1 ] CVE-2011-1412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1412 [ 2 ] CVE-2011-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2764 [ 3 ] CVE-2011-3012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3012 [ 4 ] CVE-2012-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3345

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-23
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
critical
Lowest
Low
Medium
High
Critical

Severity: Normal
Title: Urban Terror: Multiple vulnerabilities
Date: June 22, 2017
Bugs: #606702
ID: 201706-23

Topics%20covered

Topics Covered

security advisory gentoo remote execution multiple issues normal severity urban terror

Synopsis

Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code.

Background

Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-fps/urbanterror < 4.3.2_p20170426 >= 4.3.2_p20170426

Impact

===== A remote attacker could entice a user to connect to a malicious server or leverage Man-in-the-Middle attacks to cause the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Your message here