Wednesday, 3 May 2000
Quake 3 Arena v117

Q3A v117 has been released, and is available on the mirrors listed here. Click the topic for id's Robert Duffy's .plan update.

Robert Duffy's .plan update:
We have just released a new point release for Quake 3 Arena, version 1.17.

This patch fixes a fairly serious security flaw in Quake 3 Arena. Internet Security Systems identified the flaw and notified us with reproduction details as well as an overview of the exploit. The basic nature of the exploit is that malicious server operators could overwrite any file on a client system. This type of thing is always possible with DLL based mods (which is why we strongly recommend VM based mods) but with this exploit, it was possible within the VM system.

To help facilitate a rapid transition to the new codebase we have also bumped the network protocol version. This means 1.17 is not network compatible with any prior version.

The install also includes all 3 PK3 files, because the original "pak1.pk3" was not included in the final 1.16 release for Mac and Win32 builds. This will address some pure server connection issues. You will have to have all 3 pak files present to connect to a pure server.

In addition to this security fix, we have also fixed the following:

- Callvote to single player game type causes the server to crash.
- Crash in bot initialization on some systems.

If you're having problems with the release you can check Loki's Q3A newsgroup.