Message-ID: <20060314092434.GA7191__41919.4427239292$1142356896$gmane$org@informatik.uni-bremen.de>
Date: Tue, 14 Mar 2006 10:24:34 +0100
From: Moritz Muehlenhoff <jmm@...til.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1001-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
March 14th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : crossfire
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1010

It was discovered that Crossfire, a multiplayer adventure game, performs
insufficient bounds checking on network packets when run in "oldsocketmode",
which may possibly lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 1.1.0-1woody1.

For the stable distribution (sarge) this problem has been fixed in
version 1.6.0.dfsg.1-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.9.0-1.

We recommend that you upgrade your crossfire packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.dsc
      Size/MD5 checksum:      646 4ff35e7baf70ac9b4d876a343df40523
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.diff.gz
      Size/MD5 checksum:    46407 7071659d9ec374fb41e20c5016f3a238
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0.orig.tar.gz
      Size/MD5 checksum:  3057431 824e6d9a91ee0321629a9e99ad4e264f

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.1.0-1woody1_all.deb
      Size/MD5 checksum:   584300 aa7bf89a453427102d7eec4901958158

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_alpha.deb
      Size/MD5 checksum:   193680 4553b585641d5db5f9d3e903cbbe6398
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_alpha.deb
      Size/MD5 checksum:  2097780 26d3b684b495b0f76fa405baffff8a9c

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_arm.deb
      Size/MD5 checksum:   156280 fb833dd6ddea050831a878f4d5dac277
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_arm.deb
      Size/MD5 checksum:  1993866 fc828be05ece9869a8b09efda952ac47

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_i386.deb
      Size/MD5 checksum:   141064 04096cf1a3b3f82ad6a1b2d75e125990
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_i386.deb
      Size/MD5 checksum:  1954024 24b5735f4f798b110e11cab773b94e5f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_ia64.deb
      Size/MD5 checksum:   243704 13d507b4def182c7eb01b0aaa3542e29
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_ia64.deb
      Size/MD5 checksum:  2223706 5ff21345dda8ae6f76165f9b96834b0b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_hppa.deb
      Size/MD5 checksum:   175512 7a53530fe3a05303eef58f1306c761dc
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_hppa.deb
      Size/MD5 checksum:  2047542 77c5b0976be319841e9f7d9a494633e9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_m68k.deb
      Size/MD5 checksum:   134514 73f71be557835f00d90110c0e26b585c
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_m68k.deb
      Size/MD5 checksum:  1925234 7b19ddb9146470eed7476a9ddcb6df9d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mips.deb
      Size/MD5 checksum:   170386 64dcc9e48ef8cad2c7f49d912c48af4c
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mips.deb
      Size/MD5 checksum:  2034962 8c961860a9608559ffcbb3491e3aa91d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mipsel.deb
      Size/MD5 checksum:   169156 128739ca220efa5f4c99aa75ba372e48
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mipsel.deb
      Size/MD5 checksum:  2034944 d4c48f6b3321ab16858019fb24a990f4

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_powerpc.deb
      Size/MD5 checksum:   159470 9b7d6cd71d50bf74c0d86de967583e95
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_powerpc.deb
      Size/MD5 checksum:  1998154 e22fc08568e1ad53d00232974ae4a9b1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_s390.deb
      Size/MD5 checksum:   146038 77725d3b5096df841f4cc07122c7c374
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_s390.deb
      Size/MD5 checksum:  1969130 3419823da4526d93c4ff51422944b292

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_sparc.deb
      Size/MD5 checksum:   156446 5c15333247f6b01c5fe0f82f74793a05
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_sparc.deb
      Size/MD5 checksum:  1986454 86501cb8bbdde74d5ed1daa3e28fa1b1

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.dsc
      Size/MD5 checksum:      710 47cf0dc050c3dc4db58feeac549aed6a
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.diff.gz
      Size/MD5 checksum:   283564 f407edbb32e765296efe129e603fec6f
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1.orig.tar.gz
      Size/MD5 checksum:  4329330 67c8ee71b0539d369231764b19cc787e

  Architecture independent components:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.6.0.dfsg.1-4sarge1_all.deb
      Size/MD5 checksum:   888620 2fe92277b2bd97e3440234fb65817fac

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_alpha.deb
      Size/MD5 checksum:   374622 e83523a6abcb34c15d1c9f32c371089c
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_alpha.deb
      Size/MD5 checksum:  2758858 28c6d5160b86915dfcdac14bdb4f06c7

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_amd64.deb
      Size/MD5 checksum:   340890 80a175aa2524814233248fac42766563
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_amd64.deb
      Size/MD5 checksum:  2643524 6e1771cf2c74e2154c6cc22c62f4681d

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_arm.deb
      Size/MD5 checksum:   333436 6def0c031898c5ec8246ccc0dd2511e6
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_arm.deb
      Size/MD5 checksum:  2639280 95872038843c495c25793f95c9ba2580

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_i386.deb
      Size/MD5 checksum:   331954 aedcbf3efa10e18e2853d67006aa21d1
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_i386.deb
      Size/MD5 checksum:  2625970 47c01f7b6c84046dfbf9a6a2915ae175

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_ia64.deb
      Size/MD5 checksum:   409386 3f688ee42afd52b1ee6a7a3a46435c14
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_ia64.deb
      Size/MD5 checksum:  2853944 8de1e21285619250aef448616a577bed

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_hppa.deb
      Size/MD5 checksum:   351444 8ee33d936f8e4a07e4035e1160a84036
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_hppa.deb
      Size/MD5 checksum:  2681792 d0a273db4abcfc9231a19332ad843c1d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_m68k.deb
      Size/MD5 checksum:   307588 9908a5d79b36a911c4f46215ebd02862
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_m68k.deb
      Size/MD5 checksum:  2569634 222e9afbaa4bcb7182031ed72af4bc28

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mips.deb
      Size/MD5 checksum:   348636 f750bed26179ba592aea5e4d79f3e2bb
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mips.deb
      Size/MD5 checksum:  2657484 432448d5d3ae242f95604aee81edc252

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mipsel.deb
      Size/MD5 checksum:   346952 32515c7690ce503fbe1651122b7795ad
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mipsel.deb
      Size/MD5 checksum:  2656172 7ff1f217d75468a101f09c67e6674604

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_powerpc.deb
      Size/MD5 checksum:   339274 7d54740e5324c9d50b6114c6cb84ccb2
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_powerpc.deb
      Size/MD5 checksum:  2651374 973073875b386fd8ac3fbfa7b77b2147

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_s390.deb
      Size/MD5 checksum:   336618 acb44c42b2a086051324c1a647875bb4
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_s390.deb
      Size/MD5 checksum:  2641718 5713c0271c677bb6d172ce0df82f7b96

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_sparc.deb
      Size/MD5 checksum:   330882 32e90607bd43ebb138af8fb5ba168934
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_sparc.deb
      Size/MD5 checksum:  2626822 e763b98558e078806c0bb357ec3fc2ee


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEFotzXm3vHE4uyloRArw4AJ9VOxrt+sHceKJ1vBZHFgKzrACL7QCfVW26
dAZXdtXQq8wmIr8HrnWcYy0=
=YvAw
-----END PGP SIGNATURE-----
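
Added example, not part of the advisory or of Debian's tooling: a Python script that parses the advisory's "Size/MD5 checksum" entries and checks files fetched with wget against them before they are passed to dpkg -i. The function names are this example's own, and SAMPLE holds two entries copied from the woody list above.

```python
import hashlib
import os
import re

# Two entries copied from the advisory's woody list, used as sample input.
SAMPLE = """\
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.dsc
      Size/MD5 checksum:      646 4ff35e7baf70ac9b4d876a343df40523
    http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.diff.gz
      Size/MD5 checksum:    46407 7071659d9ec374fb41e20c5016f3a238
"""

URL_RE = re.compile(r"^\s*((?:http|ftp)://\S+)\s*$")
SUM_RE = re.compile(r"^\s*Size/MD5 checksum:\s+(\d+)\s+([0-9a-f]{32})\s*$")


def parse_advisory(text):
    """Return {filename: (size, md5)} for each URL/checksum pair listed."""
    entries, url = {}, None
    for line in text.splitlines():
        m = URL_RE.match(line)
        if m:
            url = m.group(1)
            continue
        m = SUM_RE.match(line)
        if m and url:
            entries[url.rsplit("/", 1)[-1]] = (int(m.group(1)), m.group(2))
        url = None  # a checksum line only counts directly after its URL
    return entries


def verify_file(path, size, md5):
    """True only if the file has the advertised size and MD5 digest."""
    if os.path.getsize(path) != size:
        return False
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest() == md5


def check_downloads(advisory_text, directory):
    """Map each listed file that exists in `directory` to True/False."""
    results = {}
    for name, (size, md5) in parse_advisory(advisory_text).items():
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            results[name] = verify_file(path, size, md5)
    return results
```

A matching size and MD5 only shows that the download agrees with the advisory text; authenticity rests on verifying the advisory's PGP signature, and MD5 is no longer collision-resistant.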


