TeamSpeak Server version 2.0.23.19 in cPGS is Out-of-Date (Security Vulnerabilities)

[Rooter]

Hello,

Thank you for your hard work thus far; I just want to bring attention to a critical update for the TeamSpeak server binary that is not included in the full server package for Linux. There have been additional security fixes and multiple updates released for the Linux TeamSpeak binary since the full package was last compiled; the most current Linux server binary at the time of writing is "2.0.24.1" that was posted September 2, 2007.

Please update the TS daemon binary to the latest available version as seen and recommended here by the TeamSpeak developers:
http://www.teamspeak.com/?page=downloads

TeamSpeak 2 Server
SHA1: 645dc564a7dda61212c8c6e7f2d5e6a3094f9c74
MD5: 05e2bdec80eeed3d935eacb9ada3623e
2.0.23.19
1.10 MB

TeamSpeak 2 Server (Updated Binary)
SHA1: fa589b3502f0f205395856b19374bb111f940f57
MD5: 55dac0e5c05760f1e8232b32a2920db0
2.0.24.1
0.92 MB

Note of Reference:
http://cpgs.cpanel.net/versions.cgi

Gameserver Version: 2.0.23.19

Change-log details can be found in the TeamSpeak Developer Releases Forums:
http://forum.teamspeak.com/forumdisplay.php?f=56
Please note that version "2.0.24.1" is not marked as Beta.

Thank you, again, for your continued support of cPGS.

[Rooter]

Here's a detailed changelog for the current TeamSpeak Server binary for Linux:

###### TeamSpeak 2 Server Changelog ######

### 2.0.24.1 ###
- fixed several \0 char exploits in the TCP query interface which could cause database corruption

### 2.0.23.22 ###
- fixed a security issue which could enable an attcker to read files from your harddisk via the
servers built-in web administration interface

### 2.0.23.21 ###
- fixed a XSS bug in the servers built-in web administration interface

### 2.0.23.20 ###
- fixed a SQL injection issue which only affects servers running on MySQL databases

### 2.0.23.19 ###
- fixed a critical security issue which could enable an attacker to read files from your harddisk

### 2.0.23.17 ###
- fixed a critical TCP query bug which can lead to a subsequent server crash

### 2.0.23.16 ###
- fixed a critical DoS vulnerability from all previous releases which can lead to allocation of high
amounts of RAM and high consumption of CPU time
- fixed a XSS bug in the servers built-in web administration interface

### 2.0.23.15 ###
- fixed a critical bug which could cause runtime errors and server crashes

### 2.0.23.13 ###
- fixed the \0 char exploit which caused problems with the player context menu and banning functionalities
- fixed a memory leak issue from internal release 2.0.23.10
- fixed a small TCP query bug were selected servers were unselected after authenticating as superadmin
- limited max TCP query connections to 100

### 2.0.23.6 ###
- fixed a critical bug from version 2.0.23.5, that can cause a virtual server to become completely
unresponsive

### 2.0.23.5 ###
- voice server now bans your IP address for 10 minutes after 4 failed login attempts to prevent UDP
bruteforce attacks
- fixed a bug where clients could create channels without a name
- fixed a security issue with the TCP query interface where clients could use commands without
authorization

### 2.0.22.3 ###
- fixed crashes which occured on "Exception2 EIdSocketError.Host not found" events

### 2.0.22.2 ###
- fixed crashes which occured on 'msg' commands via TCP queries
- channel descriptions are now limited to 1024 chars

### 2.0.22.1 ###
- server removes tabulator/newline chars from nicknames
- channel names are now limited to 29 chars to fix the 'Invisible player' bug
- channel order can't be set anymore without permission when creating a channel
- fixed crashes which occured on 'serverstop' commands via HTTP or TCP queries

### 2.0.21.3 ###
- fixed a security flaw in the servers web administration interface
- messages with multiple lines are now logged on a per-line basis to prevent faked log entries

Reference:
ftp://ftp.freenet.de/pub/4players/te.../changelog.txt
http://ftp.freenet.de/pub/4players/t.../changelog.txt

[night-fire]

Hello,
Its not hard to make your own cpgs file but if you wait a few hours either myself or some one from the cpgs team will have a prepacked version of teamspeak made. When done ill upload it.

Cheers for the heads up.

[Rooter]

Hello,
Its not hard to make your own cpgs file but if you wait a few hours either myself or some one from the cpgs team will have a prepacked version of teamspeak made. When done ill upload it.

Cheers for the heads up.

Hello,

To date I've been running TeamSpeak as a standalone installation (without cPGS), but I am very interested in migrating to something that offers my clients a spiffier control panel, such as through cPanel and cPGS.

Before migrating I just need cPGS to include MySQL database support with TeamSpeak; the dbExpress MySQL driver included with TeamSpeak is too old so a while back we purchased a license for the Core Lab dbExpress driver for MySQL. At the time the Core Lab driver was v2.x, with 2.60.8 being the most recent of that series; this version still works great so far.

Note: I've not thoroughly TeamSpeak in cPGS yet, so if for some reason it (cPGS) actually does support MySQL with TeamSpeak, please feel free to correct me.

[darren]

Thanks for the heads up. I've built a new package that should trickle down to the mirrors by tomorrow. I've put it on http://cpgs.network3.net/ just now so you can get it there if urgent.
A couple of things to note about TS w/ cPGS is that cPGS doesn't provide an interface for thigns like managing TS users and channels/rooms, etc, it just sets it up and allows for a users to stop/start and change their admin password; it doesn't server to replace the existing user interface. Most hosting companies will install it on a special account and run one instance of it and create channels/admins for their users inside it using their super admin account. It's mainly just for convenience of installing and being available rather than a new frontend. Also, MySQL support may come someday, but currently it's not available with cPGS. This is mainly due to the fact that cPGS can run on just about any Linux server and to automatically set up a new mysql database would require (a) insuring mysql was running and installed (b) the user/password with sufficient grants was easily available to create the database. It goes a wee bit outside the realm that cPGS is supposed to hang out in, but I may be able to add it as a possible feature down the road, but honestly probably not in the near future.

Thanks again for the server binary update heads up!
~darren