Urban Terror: Multiple vulnerabilities — GLSA 201706-23

Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code.

Affected packages

games-fps/urbanterror on all architectures
Affected versions < 4.3.2_p20170426
Unaffected versions >= 4.3.2_p20170426

Background

Urban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine.

Description

Multiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to connect to a malicious server or leverage Man-in-the-Middle attacks to cause the execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Urban Terror users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=games-fps/urbanterror-4.3.2_p20170426"
 

References

Release date
June 22, 2017

Latest revision
June 22, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries