[hlds] Mandatory Update Today for Counter-Strike: Source, Day of Defeat: Source, Half-Life Deathmatch: Source, Half-Life 2: Deathmatch, and Source SDK 2013 Dedicated Server

[John Schoenick]

A mandatory update for Counter-Strike: Source, Day of Defeat: Source,
Half-Life Deathmatch: Source, Half-Life 2: Deathmatch, as well as the
Source SDK Base 2013 Dedicated Server[1] will be made available later
today. We're aiming for mid-afternoon pacific time unless issues arise.

This update is based on the current prerelease branch build. We
encourage server operators to test their setup against that branch, and
let us know of any blocking issues.

[1] This is a SDK binary update only, and should not require
changes/recompiles to currently shipping SDK games. The prerelease
branch of the SDK multiplayer server is currently based on the
soon-to-be-release beta_test branch.

- John



___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

Re: [hlds] Mandatory Team Fortress 2 update released

[Bartek S]

Half-done fix, possibly. If they tell people where to aim, they'll find
another way to exploit.. Don't get me wrong, that's not hate.
On 3 Feb 2016 23:02, "Hasser Css"  wrote:

> Thanks for being one of the few Valve people who give any kind of
> communication, but that is a pretty bad explanation.
>
> One can say it is unlikely that people have been exploited because it was
> disclosed privately and such... but that is not a good security mindset.
> What exactly is the harm in saying the scope of the vulnerability,
> especially now that it is fixed? :/
>
> On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick 
> wrote:
>
>> The issue in question was discovered and reported to us privately, so we
>> don't expect any action should be necessary for up-to-date servers.
>>
>> It is always, of course, a good idea to ensure you are running servers
>> with the least necessary privilege to limit the scope of any
>> vulnerabilities future or present.
>>
>> - John
>>
>>
>> On 02/02/2016 02:55 PM, Emil Larsson wrote:
>>
>> What was this security issue exactly? Any concerns for us server owners
>> for previously leaked rcon passwords? Or files being uploaded that aren't
>> sprays?
>> Den 2 feb 2016 23:26 skrev "Eric Smith" :
>>
>>> We've released a mandatory update for TF2. The update notes are below.
>>> The new version is 3271684.
>>>
>>> -Eric
>>>
>>> ---
>>>
>>> - Fixed a security issue related to the file system (thanks to Simon
>>> Pinfold for this report)
>>> - Fixed a client crash related to the material system
>>> - Fixed a crash when using medium or low texture quality on maps with
>>> static prop lighting
>>> - Fixed not seeing team names when using custom scoreboards
>>> - Fixed leaderboards occasionally not displaying when changing map
>>> - Improved bspzip tool stability when packing maps with large amounts of
>>> custom assets
>>> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns Crate,
>>> the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the Mann Co.
>>> Stockpile Crate
>>> - Updated the model/materials for the Crusader's Getup and Arthropod's
>>> Aspect
>>> - Updated The HazMat Headcase so it can be equipped by the Sniper
>>> - Updated The Mustachioed Mann so it can be equipped by all classes and
>>> added a second style
>>> - Updated The Special Eyes so it can be equipped by the Pyro and added a
>>> second style
>>> - Updated The Frenchman's Formals to hide the Scout's dog-tags
>>> - Updated the equip_region for the Cheater's Lament and added a new style
>>> - Updated the Backburner to add the pilot light
>>> - Updated the Rainblower to remove the pilot light
>>> - Updated several materials to fix issues caused by mat_picmip
>>> - Updated the localization files
>>> - Updated pl_borneo
>>> - Fixed an exploit where players could get outside the map
>>> - Updated ctf_landfall
>>> - Fixed some material issues
>>> - Updated cp_vanguard
>>> - Added new path to the last point
>>> - New geometry to reduce sightlines on the middle point
>>> - Reorganized spawn points to better exit final spawns
>>> - Fixed Red forward spawn door blocking when held open
>>> - Fixed some material issues
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>>
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>
>>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

Re: [hlds] Mandatory Team Fortress 2 update released

[Hasser Css]

Thanks for being one of the few Valve people who give any kind of
communication, but that is a pretty bad explanation.

One can say it is unlikely that people have been exploited because it was
disclosed privately and such... but that is not a good security mindset.
What exactly is the harm in saying the scope of the vulnerability,
especially now that it is fixed? :/

On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick 
wrote:

> The issue in question was discovered and reported to us privately, so we
> don't expect any action should be necessary for up-to-date servers.
>
> It is always, of course, a good idea to ensure you are running servers
> with the least necessary privilege to limit the scope of any
> vulnerabilities future or present.
>
> - John
>
>
> On 02/02/2016 02:55 PM, Emil Larsson wrote:
>
> What was this security issue exactly? Any concerns for us server owners
> for previously leaked rcon passwords? Or files being uploaded that aren't
> sprays?
> Den 2 feb 2016 23:26 skrev "Eric Smith" :
>
>> We've released a mandatory update for TF2. The update notes are below.
>> The new version is 3271684.
>>
>> -Eric
>>
>> ---
>>
>> - Fixed a security issue related to the file system (thanks to Simon
>> Pinfold for this report)
>> - Fixed a client crash related to the material system
>> - Fixed a crash when using medium or low texture quality on maps with
>> static prop lighting
>> - Fixed not seeing team names when using custom scoreboards
>> - Fixed leaderboards occasionally not displaying when changing map
>> - Improved bspzip tool stability when packing maps with large amounts of
>> custom assets
>> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns Crate,
>> the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the Mann Co.
>> Stockpile Crate
>> - Updated the model/materials for the Crusader's Getup and Arthropod's
>> Aspect
>> - Updated The HazMat Headcase so it can be equipped by the Sniper
>> - Updated The Mustachioed Mann so it can be equipped by all classes and
>> added a second style
>> - Updated The Special Eyes so it can be equipped by the Pyro and added a
>> second style
>> - Updated The Frenchman's Formals to hide the Scout's dog-tags
>> - Updated the equip_region for the Cheater's Lament and added a new style
>> - Updated the Backburner to add the pilot light
>> - Updated the Rainblower to remove the pilot light
>> - Updated several materials to fix issues caused by mat_picmip
>> - Updated the localization files
>> - Updated pl_borneo
>> - Fixed an exploit where players could get outside the map
>> - Updated ctf_landfall
>> - Fixed some material issues
>> - Updated cp_vanguard
>> - Added new path to the last point
>> - New geometry to reduce sightlines on the middle point
>> - Reorganized spawn points to better exit final spawns
>> - Fixed Red forward spawn door blocking when held open
>> - Fixed some material issues
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

Re: [hlds] Mandatory Team Fortress 2 update released

[Rowedahelicon]

@Hasser, there is a mass update slated for a few Source Games including the
Source SDK 2013 stuff so I imagine the fix needs to be implemented
everywhere? Maybe that's why they can't detail it.

On Wed, Feb 3, 2016 at 5:04 PM, Bartek S  wrote:

> Half-done fix, possibly. If they tell people where to aim, they'll find
> another way to exploit.. Don't get me wrong, that's not hate.
> On 3 Feb 2016 23:02, "Hasser Css"  wrote:
>
>> Thanks for being one of the few Valve people who give any kind of
>> communication, but that is a pretty bad explanation.
>>
>> One can say it is unlikely that people have been exploited because it was
>> disclosed privately and such... but that is not a good security mindset.
>> What exactly is the harm in saying the scope of the vulnerability,
>> especially now that it is fixed? :/
>>
>> On Wed, Feb 3, 2016 at 7:29 PM, John Schoenick 
>> wrote:
>>
>>> The issue in question was discovered and reported to us privately, so we
>>> don't expect any action should be necessary for up-to-date servers.
>>>
>>> It is always, of course, a good idea to ensure you are running servers
>>> with the least necessary privilege to limit the scope of any
>>> vulnerabilities future or present.
>>>
>>> - John
>>>
>>>
>>> On 02/02/2016 02:55 PM, Emil Larsson wrote:
>>>
>>> What was this security issue exactly? Any concerns for us server owners
>>> for previously leaked rcon passwords? Or files being uploaded that aren't
>>> sprays?
>>> Den 2 feb 2016 23:26 skrev "Eric Smith" :
>>>
 We've released a mandatory update for TF2. The update notes are below.
 The new version is 3271684.

 -Eric

 ---

 - Fixed a security issue related to the file system (thanks to Simon
 Pinfold for this report)
 - Fixed a client crash related to the material system
 - Fixed a crash when using medium or low texture quality on maps with
 static prop lighting
 - Fixed not seeing team names when using custom scoreboards
 - Fixed leaderboards occasionally not displaying when changing map
 - Improved bspzip tool stability when packing maps with large amounts
 of custom assets
 - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns
 Crate, the Love And War Cosmetics Bundle, the Mann Co. Strongbox, and the
 Mann Co. Stockpile Crate
 - Updated the model/materials for the Crusader's Getup and Arthropod's
 Aspect
 - Updated The HazMat Headcase so it can be equipped by the Sniper
 - Updated The Mustachioed Mann so it can be equipped by all classes and
 added a second style
 - Updated The Special Eyes so it can be equipped by the Pyro and added
 a second style
 - Updated The Frenchman's Formals to hide the Scout's dog-tags
 - Updated the equip_region for the Cheater's Lament and added a new
 style
 - Updated the Backburner to add the pilot light
 - Updated the Rainblower to remove the pilot light
 - Updated several materials to fix issues caused by mat_picmip
 - Updated the localization files
 - Updated pl_borneo
 - Fixed an exploit where players could get outside the map
 - Updated ctf_landfall
 - Fixed some material issues
 - Updated cp_vanguard
 - Added new path to the last point
 - New geometry to reduce sightlines on the middle point
 - Reorganized spawn points to better exit final spawns
 - Fixed Red forward spawn door blocking when held open
 - Fixed some material issues

 ___
 To unsubscribe, edit your list preferences, or view the list archives,
 please visit:
 https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

>>>
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>>
>>>
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>>
>>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>
>>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>
>


-- 
*Matthew (Rowedahelicon) Robinson*
Web Designer / Artist / Writer
Website - http://www.rowedahelicon.com/
___
To unsubscribe, edit your list preferences, or view the list archives, please 

Re: [hlds] Mandatory Update Today for Counter-Strike: Source, Day of Defeat: Source, Half-Life Deathmatch: Source, Half-Life 2: Deathmatch, and Source SDK 2013 Dedicated Server

[supp...@boomgaming.net]

Is it safe to sat the update won't be coming today? When do you think
you will roll it out? Will it require a SourceMod revision for CSS as
well?

Thank you,
Mike Vail

On Wed, Feb 3, 2016 at 12:47 PM, John Schoenick  wrote:
> A mandatory update for Counter-Strike: Source, Day of Defeat: Source,
> Half-Life Deathmatch: Source, Half-Life 2: Deathmatch, as well as the
> Source SDK Base 2013 Dedicated Server[1] will be made available later
> today. We're aiming for mid-afternoon pacific time unless issues arise.
>
> This update is based on the current prerelease branch build. We
> encourage server operators to test their setup against that branch, and
> let us know of any blocking issues.
>
> [1] This is a SDK binary update only, and should not require
> changes/recompiles to currently shipping SDK games. The prerelease
> branch of the SDK multiplayer server is currently based on the
> soon-to-be-release beta_test branch.
>
> - John
>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

Re: [hlds] Mandatory Team Fortress 2 update released

[John Schoenick]

The issue in question was discovered and reported to us privately, so we
don't expect any action should be necessary for up-to-date servers.

It is always, of course, a good idea to ensure you are running servers
with the least necessary privilege to limit the scope of any
vulnerabilities future or present.

- John

On 02/02/2016 02:55 PM, Emil Larsson wrote:
>
> What was this security issue exactly? Any concerns for us server
> owners for previously leaked rcon passwords? Or files being uploaded
> that aren't sprays?
>
> Den 2 feb 2016 23:26 skrev "Eric Smith"  >:
>
> We've released a mandatory update for TF2. The update notes are
> below. The new version is 3271684.
>
> -Eric
>
> ---
>
> - Fixed a security issue related to the file system (thanks to
> Simon Pinfold for this report)
> - Fixed a client crash related to the material system
> - Fixed a crash when using medium or low texture quality on maps
> with static prop lighting
> - Fixed not seeing team names when using custom scoreboards
> - Fixed leaderboards occasionally not displaying when changing map
> - Improved bspzip tool stability when packing maps with large
> amounts of custom assets
> - Updated the contents of the Gargoyle Case, the Fall 2013 Acorns
> Crate, the Love And War Cosmetics Bundle, the Mann Co. Strongbox,
> and the Mann Co. Stockpile Crate
> - Updated the model/materials for the Crusader's Getup and
> Arthropod's Aspect
> - Updated The HazMat Headcase so it can be equipped by the Sniper
> - Updated The Mustachioed Mann so it can be equipped by all
> classes and added a second style
> - Updated The Special Eyes so it can be equipped by the Pyro and
> added a second style
> - Updated The Frenchman's Formals to hide the Scout's dog-tags
> - Updated the equip_region for the Cheater's Lament and added a
> new style
> - Updated the Backburner to add the pilot light
> - Updated the Rainblower to remove the pilot light
> - Updated several materials to fix issues caused by mat_picmip
> - Updated the localization files
> - Updated pl_borneo
> - Fixed an exploit where players could get outside the map
> - Updated ctf_landfall
> - Fixed some material issues
> - Updated cp_vanguard
> - Added new path to the last point
> - New geometry to reduce sightlines on the middle point
> - Reorganized spawn points to better exit final spawns
> - Fixed Red forward spawn door blocking when held open
> - Fixed some material issues
>
> ___
> To unsubscribe, edit your list preferences, or view the list
> archives, please visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds