lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060417084607.GA6844@galadriel.inutil.org>
Date: Mon Apr 17 09:45:45 2006
From: jmm at debian.org (Moritz Muehlenhoff)
Subject: [SECURITY] [DSA 1036-1] New bsdgames packages fix
	local privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1036-1                    security@...ian.org
http://www.debian.org/security/                                 Steve Kemp
April 17th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : bsdgames
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
Debian Bug     : 360989
CVE ID         : CVE-2006-1744

A buffer overflow problem has been discovered in sail, a game contained
in the bsdgames package, a collection of classic textual Unix games, which
could lead to games group privilege escalation.

For the old stable distribution (woody) this problem has been fixed in
version 2.13-7woody0.

For the stable distribution (sarge) this problem has been fixed in
version 2.7.59-7sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.17-7.

We recommend that you upgrade your bsdgames package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.dsc
      Size/MD5 checksum:      619 0cbc1e14e3f0b4984e8d98985c6d1f6a
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.diff.gz
      Size/MD5 checksum:    11953 3df403ce4490285f5cd42c2be3b28157
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13.orig.tar.gz
      Size/MD5 checksum:  2340094 cf33f61ce1f0c09a7473ac26a4a0a6ec

  Alpha architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_alpha.deb
      Size/MD5 checksum:   951546 01c6877b6279474d70038c04769fe10b

  ARM architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_arm.deb
      Size/MD5 checksum:   825156 aa85fd9b7d5b1b0686d617f70c986415

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_i386.deb
      Size/MD5 checksum:   792272 0df5fd34239cdaf52e77b51bd964fec1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_ia64.deb
      Size/MD5 checksum:  1080424 f6c31e672b7fb022957fdf5ffffcc2b3

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_hppa.deb
      Size/MD5 checksum:   902062 ce94b4c1236ff0a547b8787542163a99

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_m68k.deb
      Size/MD5 checksum:   773600 e9e234782008e026f4f9d6fcfcc3663c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mips.deb
      Size/MD5 checksum:   886536 90b5e1cb86e8a6af42238312377b0b3e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mipsel.deb
      Size/MD5 checksum:   877910 bc782bfdbf7f06c7c0493e8087c0e0c2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_powerpc.deb
      Size/MD5 checksum:   844230 79740beab215f0bbe9c2db402f618980

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_s390.deb
      Size/MD5 checksum:   831284 668c366d766dfde80fad3db29022f20a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_sparc.deb
      Size/MD5 checksum:   928022 b122af325cfdbc115a4f65ace24acf67


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.dsc
      Size/MD5 checksum:      640 4f711fd516a61813f1a3365699b5228e
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.diff.gz
      Size/MD5 checksum:    11320 a83f445ca93fcc857e23774658adf6e0
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17.orig.tar.gz
      Size/MD5 checksum:  2563311 238a38a3a017ca9b216fc42bde405639

  Alpha architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_alpha.deb
      Size/MD5 checksum:  1174660 5efca9433af26290a847a2038e0ae4e6

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_amd64.deb
      Size/MD5 checksum:  1026244 131a5f257d2dd1318e035b24ac0fab2a

  ARM architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_arm.deb
      Size/MD5 checksum:   990704 f20c4c664fc79a956e9fb8e1d83fc4dd

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_i386.deb
      Size/MD5 checksum:   963154 521cc98b003db27c2bbf05afba7cea27

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_ia64.deb
      Size/MD5 checksum:  1312824 fb241efb5d1e5fb2d81ac95884e5ce6c

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_hppa.deb
      Size/MD5 checksum:  1090242 358e7b6a7b3e3bd64dcee450a188ca88

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_m68k.deb
      Size/MD5 checksum:   915186 ca87f4cfd2269b14e01e9a5e477ae572

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mips.deb
      Size/MD5 checksum:  1123552 2760a604b73c3790bc03d822642a57c3

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mipsel.deb
      Size/MD5 checksum:  1113750 f33c43e795393cce5c4970da3337d85c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_powerpc.deb
      Size/MD5 checksum:  1050436 3bf8227a181b7884559c7061ea693335

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_s390.deb
      Size/MD5 checksum:  1029590 5ec74d0de424b23f5e2bbc39673e30bb

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_sparc.deb
      Size/MD5 checksum:   998460 11ae88f58a70f60aad5ccbb62e96f211


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEQ1V4Xm3vHE4uyloRAoA8AJ4s7din/cXclukgbL6lYyjkyqhXaQCgxxdv
3+uOL2eiejdTQYMt/GPamGA=
=cyiV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ