Bugzilla – Bug 1212632
VUL-0: xonotic: malicious servers could crash client or execute arbitrary code
Last modified: 2023-06-29 22:05:34 UTC
Seems Xonotic 0.8.5 has a possible security issue: https://xonotic.org/posts/2023/xonotic-0-8-6-release/
The developers are advising not to use 0.8.5 or below to connect to internet servers, so 0.8.6 is preferable.
SECURITY ALERT: a bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time, however all users are urged to upgrade immediately, and not use versions older than 0.8.6 to join online servers.

openSUSE:Backports:SLE-15-SP4:Update/xonotic 0.8.2
openSUSE:Backports:SLE-15-SP5:Update/xonotic 0.8.5
Maintenance update submitted.
This is an autogenerated message for OBS integration:
This bug (1212632) was mentioned in
https://build.opensuse.org/request/show/1094942 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / xonotic
Done
openSUSE-SU-2023:0162-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 1212632
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): xonotic-0.8.6-bp155.2.3.1
openSUSE Backports SLE-15-SP4 (src): xonotic-0.8.6-bp154.3.3.1