Quake III Arena Point Release (v1.32 & 1.32c) Win32
Quake III Arena Point Release (v1.32 & 1.32c) Win32
File Information
- Author RoboCop
- Uploaded 13th February 2017, 03:12 PM
- Last Updated 13th February 2017, 03:12 PM
- Category Quake 3
- Total Downloads 733
Files
- q3pointrelease_132.zip 28.05 MB
- quake3-1.32c-win.zip 441.9 KB
This is the v1.32 final point release for Quake 3 Arena and Q3A: Team Arena.
Short List of Changes in 1.32 : (see readme for complete list)
General:
- new network protocol, 68
- network code:
improved fragmented messages handling
map change while client loads map no longer causes an 'Invalid .PK3' error
map_restart while client loads map no longer causes a reload
fixing donedl being ignored after autodl if map_restart'ed
- the demo command has a list of compatible protocols, it will loop through 66 67 68
you can do '/demo four' and it will try four.dm_66 four.dm_67 four.dm_68
or you can explicitely give a '/demo demoname.dm_??'
- added mousewheel support in the console:
wheel to scroll, ctrl+wheel to scroll faster, shift+wheel to scroll history
----------------------------------------
Quake III Arena v1.32c Patch Notes:-
CVE-2006-2082: directory traversal / information leak in Quake III Arena auto download feature
Ludwig Nussel and Thilo Shulz discovered a vulnerability letting a malicious client download files from a server if auto download is enabled ( sv_allowDownload 1 ).
Issue #2 ( CVE pending ): R_RemapShaders buffer overflow
A second issue fixed in this release would let a malicious server exploit a buffer overflow to execute a shellcode on connecting clients.
--
Updated binaries for the following games are available:
Quake III Arena - fixed at version 1.32c
Return To Castle Wolfenstein - fixed at version 1.41b
Wolfenstein: Enemy Territory - fixed at version 2.60b
If you run a server with any older version, please upgrade or consider turning off autodownload ( set sv_allowDownload to 0 ). Wolfenstein: Enemy Territory servers http/ftp download feature is not affected by CVE-2006-2082. If you don't wish to upgrade, you can decide to only enable http/ftp downloads and disable legacy downloads in that particular case.
Finally, server administrators should note that game servers should be running in restricted environments as much as possible ( unpriviledged accounts and chroot jails ). It's a good thing to do the same for clients, or at least ensure that you are properly firewalled.
Short List of Changes in 1.32 : (see readme for complete list)
General:
- new network protocol, 68
- network code:
improved fragmented messages handling
map change while client loads map no longer causes an 'Invalid .PK3' error
map_restart while client loads map no longer causes a reload
fixing donedl being ignored after autodl if map_restart'ed
- the demo command has a list of compatible protocols, it will loop through 66 67 68
you can do '/demo four' and it will try four.dm_66 four.dm_67 four.dm_68
or you can explicitely give a '/demo demoname.dm_??'
- added mousewheel support in the console:
wheel to scroll, ctrl+wheel to scroll faster, shift+wheel to scroll history
----------------------------------------
Quake III Arena v1.32c Patch Notes:-
CVE-2006-2082: directory traversal / information leak in Quake III Arena auto download feature
Ludwig Nussel and Thilo Shulz discovered a vulnerability letting a malicious client download files from a server if auto download is enabled ( sv_allowDownload 1 ).
Issue #2 ( CVE pending ): R_RemapShaders buffer overflow
A second issue fixed in this release would let a malicious server exploit a buffer overflow to execute a shellcode on connecting clients.
--
Updated binaries for the following games are available:
Quake III Arena - fixed at version 1.32c
Return To Castle Wolfenstein - fixed at version 1.41b
Wolfenstein: Enemy Territory - fixed at version 2.60b
If you run a server with any older version, please upgrade or consider turning off autodownload ( set sv_allowDownload to 0 ). Wolfenstein: Enemy Territory servers http/ftp download feature is not affected by CVE-2006-2082. If you don't wish to upgrade, you can decide to only enable http/ftp downloads and disable legacy downloads in that particular case.
Finally, server administrators should note that game servers should be running in restricted environments as much as possible ( unpriviledged accounts and chroot jails ). It's a good thing to do the same for clients, or at least ensure that you are properly firewalled.