1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200605-12 / quake |
| Release Date | May 10, 2006 |
| Latest Revision | May 10, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| games-fps/quake3-bin | < 1.32c | >= 1.32c | All supported architectures |
| games-fps/rtcw | < 1.41b | >= 1.41b | All supported architectures |
| games-fps/enemy-territory | < 2.60b | >= 2.60b | All supported architectures |
Related bugreports: #132377
The Quake 3 engine has a vulnerability that could be exploited to execute arbitrary code.
Quake 3 is a multiplayer first person shooter.
landser discovered a vulnerability within the "remapShader" command. Due to a boundary handling error in "remapShader", there is a possibility of a buffer overflow.
An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.
Do not connect to untrusted game servers.
All Quake 3 users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c" |
All RTCW users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b" |
All Enemy Territory users should upgrade to the latest version:
Code Listing 3.3: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b" |