Stay Secure with the Latest Linux Advisories

security advisorygentooremote execution

Gentoo: GLSA-202308-12 Critical: Urban Terror Security Flaw Detected

Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201706-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Urban Terror: Multiple vulnerabilities Date: June 22, 2017 Bugs: #606702 ID: 201706-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code. Background ========= Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-fps/urbanterror < 4.3.2_p20170426 > = 4.3.2_p20170426 Description ========== Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details. Impact ===== A remote attacker could entice a user to connect to a malicious server or leverage Man-in-the-Middle attacks to cause the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All Urban Terror users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =games-fps/urbanterror-4.3.2_p20170426" References ========= [ 1 ] CVE-2011-1412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1412 [ 2 ] CVE-2011-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2764 [ 3 ] CVE-2011-3012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3012 [ 4 ] CVE-2012-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-23 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . City Clash encounters serious vulnerabilities enabling unauthorized code execution; prompt updates recommended to reduce threats and strengthen defenses.. Urban Terror Security Advisory,Gentoo Linux Update,Remote Code Threat. . Severity: Critical. LinuxSecurity.com Team

Jun 22, 2017 •Critical Gentoo