Debian: New crossfire packages fix arbitrary code execution

    Date13 Mar 2006
    CategoryDebian
    5140
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1001-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    March 14th, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : crossfire
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-1010
    
    It was discovered that Crossfire, a multiplayer adventure game, performs
    insufficient bounds checking on network packets when run in "oldsocketmode",
    which may possibly lead to the execution of arbitrary code.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 1.1.0-1woody1.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.6.0.dfsg.1-4sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.9.0-1.
    
    We recommend that you upgrade your crossfire packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.dsc
          Size/MD5 checksum:      646 4ff35e7baf70ac9b4d876a343df40523
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.diff.gz
          Size/MD5 checksum:    46407 7071659d9ec374fb41e20c5016f3a238
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0.orig.tar.gz
          Size/MD5 checksum:  3057431 824e6d9a91ee0321629a9e99ad4e264f
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.1.0-1woody1_all.deb
          Size/MD5 checksum:   584300 aa7bf89a453427102d7eec4901958158
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_alpha.deb
          Size/MD5 checksum:   193680 4553b585641d5db5f9d3e903cbbe6398
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_alpha.deb
          Size/MD5 checksum:  2097780 26d3b684b495b0f76fa405baffff8a9c
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_arm.deb
          Size/MD5 checksum:   156280 fb833dd6ddea050831a878f4d5dac277
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_arm.deb
          Size/MD5 checksum:  1993866 fc828be05ece9869a8b09efda952ac47
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_i386.deb
          Size/MD5 checksum:   141064 04096cf1a3b3f82ad6a1b2d75e125990
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_i386.deb
          Size/MD5 checksum:  1954024 24b5735f4f798b110e11cab773b94e5f
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_ia64.deb
          Size/MD5 checksum:   243704 13d507b4def182c7eb01b0aaa3542e29
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_ia64.deb
          Size/MD5 checksum:  2223706 5ff21345dda8ae6f76165f9b96834b0b
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_hppa.deb
          Size/MD5 checksum:   175512 7a53530fe3a05303eef58f1306c761dc
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_hppa.deb
          Size/MD5 checksum:  2047542 77c5b0976be319841e9f7d9a494633e9
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_m68k.deb
          Size/MD5 checksum:   134514 73f71be557835f00d90110c0e26b585c
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_m68k.deb
          Size/MD5 checksum:  1925234 7b19ddb9146470eed7476a9ddcb6df9d
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mips.deb
          Size/MD5 checksum:   170386 64dcc9e48ef8cad2c7f49d912c48af4c
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mips.deb
          Size/MD5 checksum:  2034962 8c961860a9608559ffcbb3491e3aa91d
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mipsel.deb
          Size/MD5 checksum:   169156 128739ca220efa5f4c99aa75ba372e48
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mipsel.deb
          Size/MD5 checksum:  2034944 d4c48f6b3321ab16858019fb24a990f4
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_powerpc.deb
          Size/MD5 checksum:   159470 9b7d6cd71d50bf74c0d86de967583e95
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_powerpc.deb
          Size/MD5 checksum:  1998154 e22fc08568e1ad53d00232974ae4a9b1
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_s390.deb
          Size/MD5 checksum:   146038 77725d3b5096df841f4cc07122c7c374
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_s390.deb
          Size/MD5 checksum:  1969130 3419823da4526d93c4ff51422944b292
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_sparc.deb
          Size/MD5 checksum:   156446 5c15333247f6b01c5fe0f82f74793a05
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_sparc.deb
          Size/MD5 checksum:  1986454 86501cb8bbdde74d5ed1daa3e28fa1b1
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.dsc
          Size/MD5 checksum:      710 47cf0dc050c3dc4db58feeac549aed6a
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.diff.gz
          Size/MD5 checksum:   283564 f407edbb32e765296efe129e603fec6f
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1.orig.tar.gz
          Size/MD5 checksum:  4329330 67c8ee71b0539d369231764b19cc787e
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.6.0.dfsg.1-4sarge1_all.deb
          Size/MD5 checksum:   888620 2fe92277b2bd97e3440234fb65817fac
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_alpha.deb
          Size/MD5 checksum:   374622 e83523a6abcb34c15d1c9f32c371089c
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_alpha.deb
          Size/MD5 checksum:  2758858 28c6d5160b86915dfcdac14bdb4f06c7
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_amd64.deb
          Size/MD5 checksum:   340890 80a175aa2524814233248fac42766563
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_amd64.deb
          Size/MD5 checksum:  2643524 6e1771cf2c74e2154c6cc22c62f4681d
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_arm.deb
          Size/MD5 checksum:   333436 6def0c031898c5ec8246ccc0dd2511e6
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_arm.deb
          Size/MD5 checksum:  2639280 95872038843c495c25793f95c9ba2580
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_i386.deb
          Size/MD5 checksum:   331954 aedcbf3efa10e18e2853d67006aa21d1
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_i386.deb
          Size/MD5 checksum:  2625970 47c01f7b6c84046dfbf9a6a2915ae175
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_ia64.deb
          Size/MD5 checksum:   409386 3f688ee42afd52b1ee6a7a3a46435c14
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_ia64.deb
          Size/MD5 checksum:  2853944 8de1e21285619250aef448616a577bed
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_hppa.deb
          Size/MD5 checksum:   351444 8ee33d936f8e4a07e4035e1160a84036
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_hppa.deb
          Size/MD5 checksum:  2681792 d0a273db4abcfc9231a19332ad843c1d
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_m68k.deb
          Size/MD5 checksum:   307588 9908a5d79b36a911c4f46215ebd02862
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_m68k.deb
          Size/MD5 checksum:  2569634 222e9afbaa4bcb7182031ed72af4bc28
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mips.deb
          Size/MD5 checksum:   348636 f750bed26179ba592aea5e4d79f3e2bb
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mips.deb
          Size/MD5 checksum:  2657484 432448d5d3ae242f95604aee81edc252
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mipsel.deb
          Size/MD5 checksum:   346952 32515c7690ce503fbe1651122b7795ad
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mipsel.deb
          Size/MD5 checksum:  2656172 7ff1f217d75468a101f09c67e6674604
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_powerpc.deb
          Size/MD5 checksum:   339274 7d54740e5324c9d50b6114c6cb84ccb2
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_powerpc.deb
          Size/MD5 checksum:  2651374 973073875b386fd8ac3fbfa7b77b2147
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_s390.deb
          Size/MD5 checksum:   336618 acb44c42b2a086051324c1a647875bb4
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_s390.deb
          Size/MD5 checksum:  2641718 5713c0271c677bb6d172ce0df82f7b96
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_sparc.deb
          Size/MD5 checksum:   330882 32e90607bd43ebb138af8fb5ba168934
        http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_sparc.deb
          Size/MD5 checksum:  2626822 e763b98558e078806c0bb357ec3fc2ee
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.