Announcement

Collapse
No announcement yet.

Ioquake3 Pushes Out Important Security Update

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ioquake3 Pushes Out Important Security Update

    Phoronix: Ioquake3 Pushes Out Important Security Update

    All of those running ioquake3-powered games are encouraged to update their engine installation as soon as possible...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Originally posted by phoronix View Post
    that end with the PK3 extension, the container format used by the ioquake3 engine
    Quite misleading. It's a zip, nothing more.

    Comment


    • #3
      Originally posted by eydee View Post
      Quite misleading. It's a zip, nothing more.
      What is informative in this case is ioquake3 released a fix to protect gamers against threat in the form of dll disguised as game package files.

      The fact that legitimate pk3 starts with PK magic number is absolutely irrelevant and uninformative, and diverts attention from the essential.

      The useful knowledge is that the dll is disguised as a game asset container, the format of the legitimate container is absolutely irrelevant, and the threat itself does not use this format!

      [Edit: and pk3 are more than just zip, like odt are more than just zip, there is a defined file hierarchy and nomenclature for content, you have to follow rules to organize the assets, not only compress and put them in the container]
      Last edited by illwieckz; 14 March 2017, 03:14 PM.

      Comment


      • #4
        I have to wonder why a "LoadDLL" function would ever get called on a .pk3 file in the first place... Feels like they put in a workaround instead of a fix. That function should never be called in the first place for PK3 files. Does their code try to process every single file as a potential DLL or something? That seems like a mistake if so.

        Comment

        Working...
        X