Ah, sorry. I was not aware that the problem also existed in other branches and 
that they were yet to be patched. You are absolutely correct.
 
Saint K.
 
From: [email protected] 
[mailto:[email protected]] On Behalf Of Asher Baker
Sent: Thursday, February 04, 2016 12:17 PM
To: Half-Life dedicated Win32 server mailing list <[email protected]>
Subject: Re: [hlds] Mandatory Team Fortress 2 update released
 
Full disclosure happens AFTER fixes are released.
As has already been said, there are patches pending release for numerous other 
engine branches.
While the ship is halfway to sea given that a patch has been released for at 
least one engine, it would be irresponsible to expose the several thousand game 
servers on the other mainline branches to attack.


~~~~~
"Their heads are green, and their hands are blue,
      And they went to sea in a Sieve." - Edward Lear
 
On Thu, Feb 4, 2016 at 10:54 AM, Saint K. <[email protected]> wrote:
Hi,
 
I have to agree with the user below. In the field of security it’s absolutely 
necessary to disclose full detail of said issue so other people can verify if 
they have been compromised or not.
 
If we don’t know any of the details, we don’t know what to look for either.
 
Running the servers with least privilege is the absolute minimum you should do. 
But as you are probably aware, most systems that get compromised have been 
hacked through a whole series of weaknesses. One exploit could open up a way to 
execute other exploits, etc.
 
Regards,
 
Saint K.
 
From: [email protected] 
[mailto:[email protected]] On Behalf Of Hasser Css
Sent: Wednesday, February 03, 2016 11:01 PM
To: Half-Life dedicated Win32 server mailing list <[email protected]>
Subject: Re: [hlds] Mandatory Team Fortress 2 update released
 
Thanks for being one of the few Valve people who give any kind of 
communication, but that is a pretty bad explanation.
 
One can say it is unlikely that people have been exploited because it was 
disclosed privately and such... but that is not a good security mindset. What 
exactly is the harm in saying the scope of the vulnerability, especially now 
that it is fixed? :/
 
On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick <[email protected]> wrote:
The issue in question was discovered and reported to us privately, so we don't 
expect any action should be necessary for up-to-date servers.

It is always, of course, a good idea to ensure you are running servers with the 
least necessary privilege to limit the scope of any vulnerabilities future or 
present.

- John
 
On 02/02/2016 02:55 PM, Emil Larsson wrote:
What was this security issue exactly? Any concerns for us server owners for 
previously leaked rcon passwords? Or files being uploaded that aren't sprays?
On 2 Feb 2016 23:26, "Eric Smith" <[email protected]> wrote:
We've released a mandatory update for TF2. The update notes are below. The new 
version is 3271684.

-Eric

-------------------------------

- Fixed a security issue related to the file system (thanks to Simon Pinfold 
for this report)
- Fixed a client crash related to the material system
- Fixed a crash when using medium or low texture quality on maps with static 
prop lighting
- Fixed not seeing team names when using custom scoreboards
- Fixed leaderboards occasionally not displaying when changing map
- Improved bspzip tool stability when packing maps with large amounts of custom 
assets
- Updated the contents of the Gargoyle Case, the Fall 2013 Acorns Crate, the 
Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the Mann Co. 
Stockpile Crate
- Updated the model/materials for the Crusader's Getup and Arthropod's Aspect
- Updated The HazMat Headcase so it can be equipped by the Sniper
- Updated The Mustachioed Mann so it can be equipped by all classes and added a 
second style
- Updated The Special Eyes so it can be equipped by the Pyro and added a second 
style
- Updated The Frenchman's Formals to hide the Scout's dog-tags
- Updated the equip_region for the Cheater's Lament and added a new style
- Updated the Backburner to add the pilot light
- Updated the Rainblower to remove the pilot light
- Updated several materials to fix issues caused by mat_picmip
- Updated the localization files
- Updated pl_borneo
        - Fixed an exploit where players could get outside the map
- Updated ctf_landfall
        - Fixed some material issues
- Updated cp_vanguard
        - Added new path to the last point
        - New geometry to reduce sightlines on the middle point
        - Reorganized spawn points to better exit final spawns
        - Fixed Red forward spawn door blocking when held open
        - Fixed some material issues

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
 