Debian: New crawl packages fix potential group games execution

    Date27 Jan 2006
    CategoryDebian
    3401
    Posted ByJoe Shakespeare
    Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 949-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 20th, 2006                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : crawl
    Vulnerability  : insecure program execution
    Problem type   : local
    Debian-specific: no
    CVE ID         : CVE-2006-0044
    
    Steve Kemp from the Debian Security Audit project discovered a
    security related problem in crawl, another console based dungeon
    exploration game in the vein of nethack and rogue.  The program
    executes commands insecurely when saving or loading games which can
    allow local attackers to gain group games privileges.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 4.0.0beta23-2woody2.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 4.0.0beta26-4sarge0.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 4.0.0beta26-7.
    
    We recommend that you upgrade your crawl package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.dsc
          Size/MD5 checksum:      615 3f43365164bb10f1e1acf6978cb40b96
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.diff.gz
          Size/MD5 checksum:     6982 59cb94176b9b70553b12ca6cedd87c34
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz
          Size/MD5 checksum:  1047863 6b988caff871f0df1c8f3cc907f2fce6
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_alpha.deb
          Size/MD5 checksum:   846396 f9bc757f015f556a80ecaae3b02d48c1
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_arm.deb
          Size/MD5 checksum:   612204 287415a45872ef965aba999a64c83298
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_i386.deb
          Size/MD5 checksum:   597416 d1a3b10417453873118380d75c074516
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_ia64.deb
          Size/MD5 checksum:   873002 b6f756cc288bd81c8be43cc7a1b1cb31
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_hppa.deb
          Size/MD5 checksum:   710704 66c4a5c9277e542247883f1de8775fd1
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_m68k.deb
          Size/MD5 checksum:   582424 ea8e73fad36a8715025aa8b55143c1bd
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mips.deb
          Size/MD5 checksum:   682570 32a1e35f4f6f337fcffc36f17dd305fe
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mipsel.deb
          Size/MD5 checksum:   680114 e208b391467dcbe619f3644f890afddd
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_powerpc.deb
          Size/MD5 checksum:   627098 341b7a34dfb134ca29432f46194eba08
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_s390.deb
          Size/MD5 checksum:   595318 cc5e2b868ff1347e31c1439ef0b163d8
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_sparc.deb
          Size/MD5 checksum:   618824 9e320393a2160741925518dac490d3bb
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.dsc
          Size/MD5 checksum:      605 82e38ba8b803845dfbcedddc5c434951
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.diff.gz
          Size/MD5 checksum:     9558 720e80e44a34e38026ba2e92cd54e3bf
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26.orig.tar.gz
          Size/MD5 checksum:  1111555 8419fb9f161e91e6b1972cdd43b2ac29
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_alpha.deb
          Size/MD5 checksum:   862362 4527606c8e871fd1ee2102ab906becc5
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_amd64.deb
          Size/MD5 checksum:   694574 8beb58cd0111793f82a19022a63b730e
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_arm.deb
          Size/MD5 checksum:   684734 002f5e953c2504f4be1224f93da14eb1
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_i386.deb
          Size/MD5 checksum:   673920 12d2c975ea9f75f4c5bfedaa5c1e297c
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_ia64.deb
          Size/MD5 checksum:   951644 258b23be336ea596e863ca0518e870ed
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_hppa.deb
          Size/MD5 checksum:   769528 fae9f289e054d503b5c0290be2f19712
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_m68k.deb
          Size/MD5 checksum:   594756 6234a30fd30de32b40de5eb8d19e60e4
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mips.deb
          Size/MD5 checksum:   749624 beeb446cfba816f535c6ae6e4c791151
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mipsel.deb
          Size/MD5 checksum:   748692 d7cd95b1bab7bbae1739ccca6c72374b
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_powerpc.deb
          Size/MD5 checksum:   701548 e097d40e9a22f2eda2e5da35f71ece6d
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_s390.deb
          Size/MD5 checksum:   656932 5b044f1c47161aea9a0a1d418c989f15
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_sparc.deb
          Size/MD5 checksum:   670026 71a59cdce362ac861e65f172af1c9e93
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.