|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: xonotic: malicious servers could crash client or execute arbitrary code | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Akseli Lahtinen <akselmo> |
| Component: | Security | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | Andreas.Stieger, dap.darkness, meissner, opensuse, rpm, werner |
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Akseli Lahtinen
2023-06-22 16:36:49 UTC
SECURITY ALERT: a bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time, however all users are urged to upgrade immediately, and not use versions older than 0.8.6 to join online servers. openSUSE:Backports:SLE-15-SP4:Update/xonotic 0.8.2 openSUSE:Backports:SLE-15-SP5:Update/xonotic 0.8.5 Maintenance update submitted. This is an autogenerated message for OBS integration: This bug (1212632) was mentioned in https://build.opensuse.org/request/show/1094942 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / xonotic Done openSUSE-SU-2023:0162-1: An update that contains security fixes can now be installed.\n\nCategory: security (moderate)\nBug References: 1212632\nCVE References: \nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP5 (src): xonotic-0.8.6-bp155.2.3.1\nopenSUSE Backports SLE-15-SP4 (src): xonotic-0.8.6-bp154.3.3.1\n\n |