TS 3 Server Security Update
18. Jun 2010
TeamSpeak Systems has released an important Server update that fixes a recently discovered security and crash exploit. Please upgrade your servers or let your hosting company upgrade your server to beta25 as soon as possible.
Official information from TeamSpeak SystemsIt was recently brought to our attention that a critical bug in TeamSpeak 3 Server Beta23 or earlier may allow a malicious user to execute server admin commands without having admin privileges as well as cause server instabilities. These security issues were addressed immediately after we received knowledge of the exploit and a new Server Beta25 build has now been released.
They wanted to release the beta25 of the server later, for example as soon the Channel Commander functionality is ready. But they had to release this build now earlier and thats why there are lines in the changelog that refer to the comming Channel Commander functionality.
They have also released a new client version a few days ago (beta22) that should be already running on your system because of the automatic update function of the client. The changelog of this client update is also inside the changelogs part of this news.
Check out the complete changelogs if you want to see in detail all changes to the server and client.
=== Server Release 3.0.0-beta25 17 Jun 2010
+ added CLIENT_ICON_ID to clientlist (parameter -icon)
+ added CHANNEL_ICON_ID to channellist (parameter -icon)
+ added permission i_channel_description_view_power and i_channel_needed_description_view_power
+ startscript and runscript will now work even when executed from a different
location than the server installation folder
+ added serverquery command clientdbinfo (check docu for details)
+ added permission b_virtualserver_client_dbinfo
+ added new parameter "-count" to clientdblist which gives a property "count" with total available client count
+ serverquery commands servergrouppermlist, channelgrouppermlist, channelpermlist, clientpermlist
and channelclientpermlist added new optional parameter "-permsid". gives permID strings instead
of numbers as output
+ added permission b_client_use_channel_commander
- fixed bug where servergrouplist and channelgrouplist wont check for querygroup permissions
- fixed bug where it was not possible to delete channelgroup templates
- permission update respects "machine_id"
NOTE: server_id 0 groups, templates will be updated in any case
- client pruning respects "machine_id"
- fixed that virtualserver_uptime isnt correct in certain cases
for serverinfo, serverlist query commands
- fixed CHANNEL_ICON_ID shown incorrectly in channelinfo
- fixed VIRTUALSERVER_ICON_ID shown incorrectly in serverinfo
- fixed invalid channeldescriptionchanged event while creating new channels
- fixed bug that lead to temporary server groups not being properly cleared
when a client dropped instead of disconnect
- fixed bug where when a client dropped that was muted by some other client
this other client could incorrectly mute some third uninvolved client
! fixed several vulnerabilities
=== Client Release 3.0.0-beta22 - 07 Jun 2010
- Fixed mirror selection of updater
- Typo and text corrections, updated German translation
- Fixed use of current identity name in statusbar. If an identiy was removed
but still used inside a bookmark, the old instead of default name was shown.
- Fixed channel edit trying to change codec or latency when those were reduced
due to permissions.
- Enabled dialog to ask for joining the servers default channel when maximum of
"max family clients" is reached.
- No longer playing away notification when joining a server as "away".
- Client was able to send an offline message to server.
- Fixed G15 plugin which did not detect connections properly.
- It is no longer possible to paste newlines into server/channel groups.
- The identity name now has the same length limitation as a nickanme.
- Fix bug in filetransfer where after a failed transfer a 0 byte file would
remain on the receiver end
- Mac: Fix issue that resulted in an outdated version of our updater being
- Linux: start scripts should now handle when they are executed from a
different location than in the client installation path
+ When using globally away on a server tab, new clients will join and set their
status also to away afterwards.
+ Added context menu to copy client uids to clipboard when listing all clients.