multiple security vulnerabilities
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tremulous (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Please consider syncing tremulous/1.1.0-8 from Debian unstable into all supported Ubuntu versions. It fixes:
- CVE-2006-2082: arbitrary file download from server by a malicious client
(Closes: #660831)
- CVE-2006-2236 ("the remapShader exploit"): missing bounds-checking on
(Closes: #660827)
- CVE-2006-2875 ("q3cbof"): buffer overflow in CL_ParseDownload by a
malicious server (Closes: #660830)
- CVE-2006-3324: arbitrary file overwriting in clients of a malicious
server (Closes: #660832)
- CVE-2006-3325: arbitrary cvar overwriting (could lead to arbitrary
code execution) in clients of a malicious server (Closes: #660834)
- CVE-2011-3012, CVE-2011-2764: DLL overwriting (leading to arbitrary
code execution) in clients of a malicious server if auto-downloading
is enabled (Closes: #660836)
- a potential buffer overflow in error
handling (not known to be exploitable, but it can't hurt)
- non-literal format strings (again, none are known to be exploitable)
- CVE-2010-5077, use of Tremulous servers by third parties to perform
reflected DoS attacks
It also disables auto-downloading to mitigate any future security vulnerabilities.
| visibility: | private → public |
| Tyler Hicks (tyhicks) wrote | #1 |
| Changed in tremulous (Ubuntu): | |
| status: | New → Confirmed |
| Simon McVittie (smcv) wrote | #2 |
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/