Message-Id: <20071015064624.EAFA1101DE@finlandia.home.infodrom.org>
Date: Mon, 15 Oct 2007 08:46:24 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Subject: [SECURITY] [DSA 1386-1] New wesnoth packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1386-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
October 15th, 2007                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : wesnoth
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3917

A problem has been discovered in the processing of chat messages.
Overly long messages are truncated by the server to a fixed length,
without paying attention to the multibyte characters.  This leads to
invalid UTF-8 on clients and causes an uncaught exception.  Note that
both wesnoth and the wesnoth server are affected.
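
The truncation flaw described above, shown as an added example that is not part of the advisory and not wesnoth's code: cutting at a fixed byte count can split a multibyte character, while backing up to a character boundary keeps the result valid. The limit, the sample message and all function names are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Constructed values: the advisory does not state the server's real limit.
const std::size_t MAX_CHAT_BYTES = 8;
const std::string SAMPLE = "abcdefg\xC3\xA9!";  // "abcdefg", U+00E9, "!" = 10 bytes

// Structural UTF-8 check (lead/continuation layout only; it does not
// reject overlong forms or surrogates, which this example does not need).
bool is_valid_utf8(const std::string& s) {
    std::size_t i = 0;
    while (i < s.size()) {
        unsigned char c = static_cast<unsigned char>(s[i]);
        std::size_t len;
        if (c < 0x80) len = 1;
        else if ((c & 0xE0) == 0xC0) len = 2;
        else if ((c & 0xF0) == 0xE0) len = 3;
        else if ((c & 0xF8) == 0xF0) len = 4;
        else return false;                     // stray continuation or bad lead byte
        if (i + len > s.size()) return false;  // sequence cut off at the end
        for (std::size_t k = 1; k < len; ++k)
            if ((static_cast<unsigned char>(s[i + k]) & 0xC0) != 0x80) return false;
        i += len;
    }
    return true;
}

// Flawed pattern: truncate at a byte count, ignoring character boundaries.
std::string truncate_bytes(const std::string& msg, std::size_t max) {
    return msg.substr(0, max);
}

// Boundary-aware pattern: if the byte at the cut is a continuation byte
// (10xxxxxx), the cut is inside a character, so back up to its lead byte.
std::string truncate_utf8(const std::string& msg, std::size_t max) {
    if (msg.size() <= max) return msg;
    std::size_t cut = max;
    while (cut > 0 && (static_cast<unsigned char>(msg[cut]) & 0xC0) == 0x80) --cut;
    return msg.substr(0, cut);
}

int main() {
    std::string bad = truncate_bytes(SAMPLE, MAX_CHAT_BYTES);
    std::string good = truncate_utf8(SAMPLE, MAX_CHAT_BYTES);
    std::cout << "byte cut valid:     " << is_valid_utf8(bad) << "\n"
              << "boundary cut valid: " << is_valid_utf8(good) << "\n";
    return 0;
}
```

A receiver should still validate incoming text and handle the failure, since it cannot assume the sender truncated correctly.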

For the old stable distribution (sarge) this problem has been fixed in
version 0.9.0-6 and in version 1.2.7-1~bpo31+1 of sarge-backports.

For the stable distribution (etch) this problem has been fixed in
version 1.2-2 and in version 1.2.7-1~bpo40+1 of etch-backports.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.7-1.

Packages for the oldstable mips architecture will be added to the
archive later.

We recommend that you upgrade your wesnoth packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


Debian GNU/Linux 4.0 alias etch
- -------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHEwzAW5ql+IAeqTIRAmZHAKCrqtmIIDisG++tHfWxdtTZ5OMJYgCdFUje
99skTjGfbZ1f66FrchpXpFQ=
=vEzv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
