Click to discover them! - animated background menu map: jungle, heavens (day/night themes, customisable in the map editor) - new design for the menus: added start menus, reworked server browser, settings - customisable gametype icons (browser). all communications require a handshake and use a token to counter spoofing and reflection attacks - new maps: ctf8, dm3, lms1. build your own skins based on a variety of provided parts - enhanced security. official gametypes are still restricted to 16 players maximum but allow more spectators - new skin system. survive by your own or as a team with limited weaponry - 64 players support. new gametypes: 'last man standing' (LMS) and 'last team standing' (LTS). fixed using correct array measurements when placing egg doodads - fixed demo recorder downloaded maps using the sha256 hash - show correct game release version in the start menu and console - Fix platform-specific client libraries for Linux - advanced scoreboard with game statistics - joystick support (experimental!) - copy paste (one-way) - bot cosmetics (a visual difference between players and NPCs) - chat commands (type / in chat) - players can change skin without leaving the server (again) - live automapper and complete rules for 0.7 tilesets - audio toggling HUD - an Easter surprise. Add a confirmation for removing a filter - Add a 'click a player to follow' hint - Also hint players which key they should press to set themselves ready. Emotes can now be cancelled by releasing the mouse in the middle of the circle. Restore ingame Player and Tee menus, add a warning that a reconnect is needed. Add an option to use raw mouse inputs, revert to (0.6) relative mode by default. (boo#1112910) - Update to version 0.7.3.1 - Colorful gametype and level icons in the browser instead of grayscale. A remote attacker could have sent connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. There was no challenge-response involved in the connection build up. CVE-2018-18541: Connection packets could have been forged. CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a buffer overflow, because multiplication of width and height were mishandled. (boo#1131729) - CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. Description This update for teeworlds fixes the following issues : - CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have lead to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. Synopsis The remote openSUSE host is missing a security update.
0 kommentar(er)
