TeamSpeak Server 3.13.3 [Important Security Update]

We just released an important update for the server.
Please update your server as soon as possible!

Fixed

  • Privilege escalation issue (thanks to alex97000)

You can download the update here. The download page will be updated later.
The Docker update should be available within a day.


Do you have creative feedback or issues with this server release?
Tell us! :wave:

24 Likes

:blue_heart:

4 Likes

:heart::heart::heart::heart:

I like this :yum:

1 Like

Can you please share more information?

What kind of priv escalation are we talking about?
When was it introduced?
How severe is it?

2 Likes

May I suggest a mailing list for server owners or something, that is advertised on the server download page? I would have had no idea about this without checking the forum. Security announcements need more visibility than this. Thanks

1 Like

After ~15 hours running this new version my TeamSpeak Server just crashed and generated a crashdump.
@TS.ChrisR, just sent a PM. Let's take a look at the crashdump?

P.S: With 3.13.1 version I had almost ~30 days of uptime with no problem.

Cheers

1 Like

$ docker pull teamspeak:3.13.3
3.13.3: Pulling from library/teamspeak
no matching manifest for linux/amd64 in the manifest list entries

I think that something is not working as it should

1 Like

docker pull teamspeak:latest and docker pull teamspeak:3.13.3 just work fine here.

5 Likes

My post was sent 3 hours ago, the fix has been applied 2 hours ago.

Sooo, problem solved, I’ll update my server when possible

1 Like

No. We do not want to advertise details about this issue.

But I can tell you “Nobody could get permissions on your operating system or get access to it.”
If that worries you.

Yes. We also want to have such kind of Newsletter for releases.

:+1:

7 Likes

I can understand the security reason behind that (people will abuse it to destroy servers), but in some way it needs to be published, hiding it won’t help in any way.
I hope that the decision is temporary and made to allow people to update their servers, otherwise it will sound very bad to me.

With security fixes it would always be interesting to know which versions are affected, if you know this.

1 Like

It’s a privilege escalation issue, so you should consider it as affecting all the versions before the patched one.

1 Like

Telling people how to abuse bugs also helps nobody. It causes more problems that we try to avoid.

No, we are not going into details for this.

Anyone is allowed to update anytime. Does not matter if we share more details or not!

6 Likes

Is there a way to find out if this has been exploited on my server?

1 Like

The chances are low that it happened on your server.

You could make a backup and watch if anything suspicious happens. But please don’t start to get paranoid about anything on your server :cowboy_hat_face:.
As said the chances are low.

@All

We discussed that again and decided to give you all some details in January 2021 (no fixed day).
We must give hosts enough chance to update their servers first. And some days aren’t enough for this.

11 Likes

Given your track record of broken server versions, I really do not trust you enough to be updating immediately.
And that is precisely why I would like to at least know what versions are affected, so I can make an informed decision.

3 Likes

Then your only option is to update next month. Your decision at the end.

8 Likes

When exactly will you release more info about the exploit?