Skip to content

Start typing to see game suggestions. This only suggests apps that have a store page.

Only apps with a store page are suggested. Enter Submit to view all results. Ctrl+Enter View and filter in instant search.
Close ×

Half-Life update for 11 April 2019

 

Share · View all patches · Build 3710249 · Last edited by xPaw

Patchnotes via Steam Community

This list covers the releases between March 20 and April 11 that are each part of a series of security updates.

Larger changes:

  • Added privilege checking to command execution. Commands originating outside of the client are now only able to execute commands that are considered to be safe. Commands such as connect, bind, quit and certain cvars such as cl_filterstuffcmd are now only executable by trusted sources.
  • Setting cl_filterstuffcmd to a value greater than zero (e.g. cl_filterstuffcmd 1) will set a number of commands that are potentially abusable, such as say, fps_max, and setinfo, to also be only executable by privileged sources.

Fixes:

  • Fixed client incorrectly blocking download of custom sprays

Security fixes:

  • All custom resources downloaded from a server now have their file name's checked for safety before being allowed to download
  • Invalid file extensions are now prevented in several commands
  • Dynamic libraries are no longer searched for in custom resource directories
  • Added additional file extensions to custom resource blocked extensions list
  • Fixed buffer overflow in message delta parsing
  • Fixed RCE in weapon message handling
  • Fixed RCE in model loading
  • Fixed RCE in saved game loading
  • Fixed buffer overflows in TGA and BMP loading
  • Fixed buffer overflow in demo playback
  • Fixed buffer overflows in sequence file loading
  • Fixed buffer overflows in model name loading
  • Fixed buffer overflow in music playlist loading
  • Fixed buffer overflow in detail texture loading
  • Fixed buffer overflow in console map listing
  • Fixed command chaining in cvars that specified config files to be passed to the exec command
Base Goldsrc Shared Binaries Depot 2
  • Loading history…
Base Goldsrc Linux Depot 8
  • Loading history…
Base Goldsrc OSX Depot 9
  • Loading history…
Half-Life Base Content Depot 71
  • Loading history…
SteamDB has been running ad-free since 2012.
Find out how you can contribute.
Open link