Version history/1.2.1

From Zandronum Wiki
Zandronum 1.2.1
Release date 25 May 2014
Previous 1.2
Next 1.2.2

Zandronum 1.2.1 is a minor patch for Zandronum that was released on 25 May 2014.

Changes

Fixes

  • Fixed: A malformed packet could make the server kick the clients. Thanks to Konar6 for supplying a proof-of-concept exploit that allowed to debug the issue. [Torr Samaho]
  • Fixed an exploit with color codes in player names (ported from Konar6's kpatch). [Torr Samaho]
  • Fixed a client memory exhaustion vulnerability. Thanks to AgentME for reporting the vulnerability and submitting a preliminary patch. [Torr Samaho]
  • Fixed a client heap corruption vulnerability. Thanks to AgentME for reporting the vulnerability and submitting a patch. [Torr Samaho]
  • Fixed an exploit based on out of bounds userinfo sent by a malicious client (ported from Konar6's kpatch). [Torr Samaho]
  • Fixed an exploit based on improperly disconnected malicious clients. Kudos to kgsws for finding and reporting this exploit. [Torr Samaho]
  • Fixed an exploit that allowed malicious clients to create additional bodies. Kudos to kgsws for finding and reporting this exploit. [Torr Samaho]
  • Fixed: A malformed packet could crash the server. Thanks to AgentME for reporting the vulnerability and submitting a preliminary patch. [Torr Samaho]
  • The linux binaries are not compiled with -fno-stack-protector anymore. This was originally intended to increase compatibility with distros using older glibc versions but is not necessary anymore since the source is open. Thanks to AgentME for pointing this out. [Torr Samaho]