Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 949-1] New crawl packages fix potential group games execution
From: joey () infodrom org (Martin Schulze)
Date: Fri, 20 Jan 2006 16:13:36 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 949-1                     security () debian org
http://www.debian.org/security/                             Martin Schulze
January 20th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : crawl
Vulnerability  : insecure program execution
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-0044

Steve Kemp from the Debian Security Audit project discovered a
security related problem in crawl, another console based dungeon
exploration game in the vein of nethack and rogue.  The program
executes commands insecurely when saving or loading games which can
allow local attackers to gain group games privileges.

For the old stable distribution (woody) this problem has been fixed in
version 4.0.0beta23-2woody2.

For the stable distribution (sarge) this problem has been fixed in
version 4.0.0beta26-4sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.0beta26-7.

We recommend that you upgrade your crawl package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.dsc
      Size/MD5 checksum:      615 3f43365164bb10f1e1acf6978cb40b96
    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.diff.gz
      Size/MD5 checksum:     6982 59cb94176b9b70553b12ca6cedd87c34
    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz
      Size/MD5 checksum:  1047863 6b988caff871f0df1c8f3cc907f2fce6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_alpha.deb
      Size/MD5 checksum:   846396 f9bc757f015f556a80ecaae3b02d48c1

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_arm.deb
      Size/MD5 checksum:   612204 287415a45872ef965aba999a64c83298

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_i386.deb
      Size/MD5 checksum:   597416 d1a3b10417453873118380d75c074516

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_ia64.deb
      Size/MD5 checksum:   873002 b6f756cc288bd81c8be43cc7a1b1cb31

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_hppa.deb
      Size/MD5 checksum:   710704 66c4a5c9277e542247883f1de8775fd1

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_m68k.deb
      Size/MD5 checksum:   582424 ea8e73fad36a8715025aa8b55143c1bd

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mips.deb
      Size/MD5 checksum:   682570 32a1e35f4f6f337fcffc36f17dd305fe

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mipsel.deb
      Size/MD5 checksum:   680114 e208b391467dcbe619f3644f890afddd

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_powerpc.deb
      Size/MD5 checksum:   627098 341b7a34dfb134ca29432f46194eba08

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_s390.deb
      Size/MD5 checksum:   595318 cc5e2b868ff1347e31c1439ef0b163d8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_sparc.deb
      Size/MD5 checksum:   618824 9e320393a2160741925518dac490d3bb


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.dsc
      Size/MD5 checksum:      605 82e38ba8b803845dfbcedddc5c434951
    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.diff.gz
      Size/MD5 checksum:     9558 720e80e44a34e38026ba2e92cd54e3bf
    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26.orig.tar.gz
      Size/MD5 checksum:  1111555 8419fb9f161e91e6b1972cdd43b2ac29

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_alpha.deb
      Size/MD5 checksum:   862362 4527606c8e871fd1ee2102ab906becc5

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_amd64.deb
      Size/MD5 checksum:   694574 8beb58cd0111793f82a19022a63b730e

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_arm.deb
      Size/MD5 checksum:   684734 002f5e953c2504f4be1224f93da14eb1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_i386.deb
      Size/MD5 checksum:   673920 12d2c975ea9f75f4c5bfedaa5c1e297c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_ia64.deb
      Size/MD5 checksum:   951644 258b23be336ea596e863ca0518e870ed

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_hppa.deb
      Size/MD5 checksum:   769528 fae9f289e054d503b5c0290be2f19712

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_m68k.deb
      Size/MD5 checksum:   594756 6234a30fd30de32b40de5eb8d19e60e4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mips.deb
      Size/MD5 checksum:   749624 beeb446cfba816f535c6ae6e4c791151

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mipsel.deb
      Size/MD5 checksum:   748692 d7cd95b1bab7bbae1739ccca6c72374b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_powerpc.deb
      Size/MD5 checksum:   701548 e097d40e9a22f2eda2e5da35f71ece6d

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_s390.deb
      Size/MD5 checksum:   656932 5b044f1c47161aea9a0a1d418c989f15

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_sparc.deb
      Size/MD5 checksum:   670026 71a59cdce362ac861e65f172af1c9e93


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0P4gW5ql+IAeqTIRAp9rAJ4vBELMqCUpq8/3sNQ1yJESYo7GjgCfRyM8
yUkz0Lsk17OXiPkOu/UndMk=
=4Few
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 949-1] New crawl packages fix potential group games execution Martin Schulze (Jan 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault