Debian: mah-jong multiple vulnerabilities

    Date08 Sep 2003
    CategoryDebian
    2295
    Posted ByLinuxSecurity Advisories
    Nicolas Boullis discovered two vulnerabilities in mah-jong.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 378-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Matt Zimmerman
    September 7th, 2003                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mah-jong
    Vulnerability  : buffer overflows, denial of service
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0705 CAN-2003-0706
    
    Nicolas Boullis discovered two vulnerabilities in mah-jong, a
    network-enabled game.
    
     - CAN-2003-0705 (buffer overflow)
    
       This vulnerability could be exploited by a remote attacker to
       execute arbitrary code with the privileges of the user running the
       mah-jong server.
    
    - - CAN-2003-0706 (denial of service)
    
      This vulnerability could be exploited by a remote attacker to cause
      the mah-jong server to enter a tight loop and stop responding to
      commands.
    
    For the stable distribution (woody) these problems have been fixed in
    version 1.4-2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 1.5.6-2.
    
    We recommend that you update your mah-jong package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2.dsc
          Size/MD5 checksum:      579 b473dfb32c1765f3b96a1d4897a728a5
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2.diff.gz
          Size/MD5 checksum:    23814 c0465cd149b6f9bfc7f0096ab5d0d192
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4.orig.tar.gz
          Size/MD5 checksum:   259474 21cc99ddb9ae91cbe02b2119586f8860
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_alpha.deb
          Size/MD5 checksum:   311378 0ff83a703283cad7faa06609d330d9ef
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_arm.deb
          Size/MD5 checksum:   272324 e6974d354918f6f4d0dffa3bb3eb4b9f
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_i386.deb
          Size/MD5 checksum:   250012 a4f7d586918c3a712d073aa9e8e42bd5
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_ia64.deb
          Size/MD5 checksum:   379856 b63ee72a1a2f4ac16e902ae0f8b5b3e1
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_hppa.deb
          Size/MD5 checksum:   286728 c4c544f15f09199b753848cb7ee417d9
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_m68k.deb
          Size/MD5 checksum:   234410 91682fc41ab6fb8b57ebfb09681f3180
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_mips.deb
          Size/MD5 checksum:   261874 977e1d059bbaca988a3cb60636e74d17
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_mipsel.deb
          Size/MD5 checksum:   261666 45e1785dd5c17dcbec971fc8024b8787
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_powerpc.deb
          Size/MD5 checksum:   271566 5d25f219fdb987ca014775ae4ae9ee9c
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_s390.deb
          Size/MD5 checksum:   246116 be071c93713eb1257f9a8b8225968ad8
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_sparc.deb
          Size/MD5 checksum:   269392 78b122c5b4145b039dda06d4e16cfe48
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.