Unfortunately some branches never get updated and still have exploits that were discovered years ago.
2016-02-04 12:17 GMT+01:00 Asher Baker <[email protected]>:

> Full disclosure happens AFTER fixes are released.
> As has already been said, there are patches pending release for numerous
> other engine branches.
> While the ship is halfway to sea given that a patch has released for at
> least one engine, it would be irresponsible to expose the several thousand
> game servers on the other mainline branches to attack.
>
> ~~~~~
> "Their heads are green, and their hands are blue,
> And they went to sea in a Sieve." - Edward Lear
>
> On Thu, Feb 4, 2016 at 10:54 AM, Saint K. <[email protected]>
> wrote:
>
>> Hi,
>>
>> I have to agree with the user below. In the field of security it’s
>> absolutely necessary to disclose full detail of said issue so other people
>> can verify if they have been compromised or not.
>>
>> If we don’t know any of the details we neither know what to look for.
>>
>> Running the servers with least privilege is the absolute minimum you
>> should do. But as you are probably aware, most systems that get compromised
>> have been hacked through a whole series of weaknesses. One exploit could
>> open up a way to execute other exploits, etc.
>>
>> Regards,
>>
>> Saint K.
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Hasser Css
>> *Sent:* Wednesday, February 03, 2016 11:01 PM
>> *To:* Half-Life dedicated Win32 server mailing list <
>> [email protected]>
>> *Subject:* Re: [hlds] Mandatory Team Fortress 2 update released
>>
>> Thanks for being one of the few Valve people who give any kind of
>> communication, but that is a pretty bad explanation.
>>
>> One can say it is unlikely that people have been exploited because it was
>> disclosed privately and such... but that is not a good security mindset.
>> What exactly is the harm in saying the scope of the vulnerability,
>> especially now that it is fixed? :/
>>
>> On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick <[email protected]>
>> wrote:
>>
>> The issue in question was discovered and reported to us privately, so we
>> don't expect any action should be necessary for up-to-date servers.
>>
>> It is always, of course, a good idea to ensure you are running servers
>> with the least necessary privilege to limit the scope of any
>> vulnerabilities future or present.
>>
>> - John
>>
>> On 02/02/2016 02:55 PM, Emil Larsson wrote:
>>
>> What was this security issue exactly? Any concerns for us server owners
>> for previously leaked rcon passwords? Or files being uploaded that aren't
>> sprays?
>>
>> On 2 Feb 2016 23:26, "Eric Smith" <[email protected]> wrote:
>>
>> We've released a mandatory update for TF2. The update notes are below.
>> The new version is 3271684.
>>
>> -Eric
>>
>> -------------------------------
>>
>> - Fixed a security issue related to the file system (thanks to Simon
>> Pinfold for this report)
>> - Fixed a client crash related to the material system
>> - Fixed a crash when using medium or low texture quality on maps with
>> static prop lighting
>> - Fixed not seeing team names when using custom scoreboards
>> - Fixed leaderboards occasionally not displaying when changing map
>> - Improved bspzip tool stability when packing maps with large amounts of
>> custom assets
>> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns Crate,
>> the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the Mann Co.
>> Stockpile Crate
>> - Updated the model/materials for the Crusader's Getup and Arthropod's
>> Aspect
>> - Updated The HazMat Headcase so it can be equipped by the Sniper
>> - Updated The Mustachioed Mann so it can be equipped by all classes and
>> added a second style
>> - Updated The Special Eyes so it can be equipped by the Pyro and added a
>> second style
>> - Updated The Frenchman's Formals to hide the Scout's dog-tags
>> - Updated the equip_region for the Cheater's Lament and added a new style
>> - Updated the Backburner to add the pilot light
>> - Updated the Rainblower to remove the pilot light
>> - Updated several materials to fix issues caused by mat_picmip
>> - Updated the localization files
>> - Updated pl_borneo
>>    - Fixed an exploit where players could get outside the map
>> - Updated ctf_landfall
>>    - Fixed some material issues
>> - Updated cp_vanguard
>>    - Added new path to the last point
>>    - New geometry to reduce sightlines on the middle point
>>    - Reorganized spawn points to better exit final spawns
>>    - Fixed Red forward spawn door blocking when held open
>>    - Fixed some material issues
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

