-------------------------------------------------------------------------- Debian Security Advisory DSA 334-1 security@debian.org Debian -- Security Information Matt Zimmerman June 28th, 2003 Debian -- Debian security FAQ -------------------------------------------------------------------------- Package : xgalaga Vulnerability : buffer overflows Problem-Type : local Debian-specific: no CVE Ids : CAN-2003-0454 Steve Kemp discovered several buffer overflows in xgalaga, a game, which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain gid 'games'. For the stable distribution (woody) this problem has been fixed in version 2.0.34-19woody1. For the unstable distribution (sid) this problem is fixed in version 2.0.34-22. We recommend that you update your xgalaga package. Upgrade Instructions -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody -------------------------------- Source archives: Size/MD5 checksum: 576 746a62bbc0e1fe3e402ebf0baf7d409f Size/MD5 checksum: 33875 cca65c5c025fe964e574ed286bf1a48e Size/MD5 checksum: 314189 9f7ee685e9c4741b5f0edc3f91df9510 Alpha architecture: Size/MD5 checksum: 208352 2ee48a6c41ed2912f9c04b7e5bab0b2f ARM architecture: Size/MD5 checksum: 198666 3bba4b2486e3c48f6d116f55b521180d Intel IA-32 architecture: Size/MD5 checksum: 191654 4fd57335930cb976e93b48993fc159e0 Intel IA-64 architecture: Size/MD5 checksum: 225428 0030ed8957fda5d7787415deceb05b41 HP Precision architecture: Size/MD5 checksum: 211990 8877bd894336e2b4eeae5e90bb76bae9 Motorola 680x0 architecture: Size/MD5 checksum: 192832 5edfdbf20d05364609abd78121e86839 Big endian MIPS architecture: Size/MD5 checksum: 205460 928639b6561e32e4e8f7820dbae789ed Little endian MIPS architecture: Size/MD5 checksum: 202588 27e65f0489cee88c3b2af603764ae66f PowerPC architecture: Size/MD5 checksum: 199984 f0baf858ea5f44368fe14fceb581862f IBM S/390 architecture: Size/MD5 checksum: 200876 a816f3a90931f141ed0d0450d77feb44 Sun Sparc architecture: Size/MD5 checksum: 205648 ce754d6e1665737c7160a14ca47d21f8 These files will probably be moved into the stable distribution on its next revision. --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show' and https://packages.debian.org/
Debian: xgalaga Buffer overflow vulnerability
June 28, 2003
Steve Kemp discovered several buffer overflows in xgalaga, a game,which can be triggered by a long HOME environment variable
Summary
Steve Kemp discovered several buffer overflows in xgalaga, a game,
which can be triggered by a long HOME environment variable. This
vulnerability could be exploited by a local attacker to gain gid
'games'.
For the stable distribution (woody) this problem has been fixed in
version 2.0.34-19woody1.
For the unstable distribution (sid) this problem is fixed in version
2.0.34-22.
We recommend that you update your xgalaga package.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
--------------------------------
Source archives:
Size/MD5 checksum: 576 746a62bbc0e1fe3e402ebf0baf7d409f
Size/MD5 checksum: 33875 cca65c5c025fe964e574ed286bf1a48e
Size/MD5 checksum: 314189 9f7ee685e9c4741b5f0edc3f91df9510
Alpha architecture:
Size/MD5 checksum: 208352 2ee48a6c41ed2912f9c04b7e5bab0b2f
ARM architecture:
Size/MD5 checksum: 198666 3bba4b2486e3c48f6d116f55b521180d
Intel IA-32 architecture:
Size/MD5 checksum: 191654 4fd57335930cb976e93b48993fc159e0
Intel IA-64 architecture:
Size/MD5 checksum: 225428 0030ed8957fda5d7787415deceb05b41
HP Precision architecture:
Size/MD5 checksum: 211990 8877bd894336e2b4eeae5e90bb76bae9
Motorola 680x0 architecture:
Size/MD5 checksum: 192832 5edfdbf20d05364609abd78121e86839
Big endian MIPS architecture:
Size/MD5 checksum: 205460 928639b6561e32e4e8f7820dbae789ed
Little endian MIPS architecture:
Size/MD5 checksum: 202588 27e65f0489cee88c3b2af603764ae66f
PowerPC architecture:
Size/MD5 checksum: 199984 f0baf858ea5f44368fe14fceb581862f
IBM S/390 architecture:
Size/MD5 checksum: 200876 a816f3a90931f141ed0d0450d77feb44
Sun Sparc architecture:
Size/MD5 checksum: 205648 ce754d6e1665737c7160a14ca47d21f8
These files will probably be moved into the stable distribution on
its next revision.
Severity
Package : xgalaga
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2003-0454
News
HOWTOs
Features
About Us
Powered By
