Debian Security Advisory

DSA-3948-1 ioquake3 -- security update

Date Reported:
19 Aug 2017
Affected Packages:
ioquake3
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2017-11721.
More information:

A read buffer overflow was discovered in the idtech3 (Quake III Arena) family of game engines. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.

For the oldstable distribution (jessie), this problem has been fixed in version 1.36+u20140802+gca9eebb-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in version 1.36+u20161101+dfsg1-2+deb9u1.

We recommend that you upgrade your ioquake3 packages.