--------------------------------------------------------------------------
Debian Security Advisory DSA 334-1
Debian -- Security Information                              Matt Zimmerman
June 28th, 2003                              Debian -- Debian security FAQ
--------------------------------------------------------------------------

Package        : xgalaga
Vulnerability  : buffer overflows
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2003-0454

Steve Kemp discovered several buffer overflows in xgalaga, a game,
which can be triggered by a long HOME environment variable. This
vulnerability could be exploited by a local attacker to gain gid
'games'.

For the stable distribution (woody) this problem has been fixed in
version 2.0.34-19woody1.

For the unstable distribution (sid) this problem is fixed in version
2.0.34-22.

We recommend that you update your xgalaga package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

These files will probably be moved into the stable distribution on
its next revision.

---------------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages .

Severity: Critical. LinuxSecurity.com Team
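
An added example, not taken from the advisory or from xgalaga's source: a C helper that builds a per-user file path from HOME without overflowing a fixed-size buffer, the class of bug the advisory describes. The function names and the file name `.example_scores` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: write "<home>/<name>" into out (outsz bytes).
 * Returns 0 on success; -1 with errno set if home is missing, is not an
 * absolute path, or the joined path would not fit. On failure out is "". */
int join_home_path(char *out, size_t outsz, const char *home, const char *name)
{
    int n;

    if (out == NULL || outsz == 0 || name == NULL) {
        errno = EINVAL;
        return -1;
    }
    out[0] = '\0';
    if (home == NULL || home[0] != '/') {
        errno = EINVAL;
        return -1;
    }
    /* The unsafe pattern is sprintf(out, "%s/%s", home, name): it writes
     * strlen(home) + strlen(name) + 2 bytes whatever the size of out. */
    n = snprintf(out, outsz, "%s/%s", home, name);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* refuse a truncated path, never use it */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* HOME is supplied by the invoking user, so a setgid program must treat
 * it as untrusted input of arbitrary length. */
int build_home_path(char *out, size_t outsz, const char *name)
{
    return join_home_path(out, outsz, getenv("HOME"), name);
}

int main(void)
{
    char path[256];

    if (build_home_path(path, sizeof path, ".example_scores") != 0) {
        perror("build_home_path");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```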