From jmm@inutil.org Tue Mar 14 10:46:45 2006 From: Moritz Muehlenhoff Resent-From: list@murphy.debian.org (Mailing List Manager) To: debian-security-announce@lists.debian.org Date: Tue, 14 Mar 2006 10:24:34 +0100 Reply-To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] [SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1001-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 14th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : crossfire Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-1010 It was discovered that Crossfire, a multiplayer adventure game, performs insufficient bounds checking on network packets when run in "oldsocketmode", which may possibly lead to the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 1.1.0-1woody1. For the stable distribution (sarge) this problem has been fixed in version 1.6.0.dfsg.1-4sarge1. For the unstable distribution (sid) this problem has been fixed in version 1.9.0-1. We recommend that you upgrade your crossfire packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.dsc Size/MD5 checksum: 646 4ff35e7baf70ac9b4d876a343df40523 http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.diff.gz Size/MD5 checksum: 46407 7071659d9ec374fb41e20c5016f3a238 http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0.orig.tar.gz Size/MD5 checksum: 3057431 824e6d9a91ee0321629a9e99ad4e264f Architecture independent components: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.1.0-1woody1_all.deb Size/MD5 checksum: 584300 aa7bf89a453427102d7eec4901958158 Alpha architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_alpha.deb Size/MD5 checksum: 193680 4553b585641d5db5f9d3e903cbbe6398 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_alpha.deb Size/MD5 checksum: 2097780 26d3b684b495b0f76fa405baffff8a9c ARM architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_arm.deb Size/MD5 checksum: 156280 fb833dd6ddea050831a878f4d5dac277 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_arm.deb Size/MD5 checksum: 1993866 fc828be05ece9869a8b09efda952ac47 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_i386.deb Size/MD5 checksum: 141064 04096cf1a3b3f82ad6a1b2d75e125990 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_i386.deb Size/MD5 checksum: 1954024 24b5735f4f798b110e11cab773b94e5f Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_ia64.deb Size/MD5 checksum: 243704 13d507b4def182c7eb01b0aaa3542e29 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_ia64.deb Size/MD5 checksum: 2223706 5ff21345dda8ae6f76165f9b96834b0b HP Precision architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_hppa.deb Size/MD5 checksum: 175512 7a53530fe3a05303eef58f1306c761dc http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_hppa.deb Size/MD5 checksum: 2047542 77c5b0976be319841e9f7d9a494633e9 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_m68k.deb Size/MD5 checksum: 134514 73f71be557835f00d90110c0e26b585c http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_m68k.deb Size/MD5 checksum: 1925234 7b19ddb9146470eed7476a9ddcb6df9d Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mips.deb Size/MD5 checksum: 170386 64dcc9e48ef8cad2c7f49d912c48af4c http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mips.deb Size/MD5 checksum: 2034962 8c961860a9608559ffcbb3491e3aa91d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mipsel.deb Size/MD5 checksum: 169156 128739ca220efa5f4c99aa75ba372e48 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mipsel.deb Size/MD5 checksum: 2034944 d4c48f6b3321ab16858019fb24a990f4 PowerPC architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_powerpc.deb Size/MD5 checksum: 159470 9b7d6cd71d50bf74c0d86de967583e95 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_powerpc.deb Size/MD5 checksum: 1998154 e22fc08568e1ad53d00232974ae4a9b1 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_s390.deb Size/MD5 checksum: 146038 77725d3b5096df841f4cc07122c7c374 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_s390.deb Size/MD5 checksum: 1969130 3419823da4526d93c4ff51422944b292 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_sparc.deb Size/MD5 checksum: 156446 5c15333247f6b01c5fe0f82f74793a05 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_sparc.deb Size/MD5 checksum: 1986454 86501cb8bbdde74d5ed1daa3e28fa1b1 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.dsc Size/MD5 checksum: 710 47cf0dc050c3dc4db58feeac549aed6a http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.diff.gz Size/MD5 checksum: 283564 f407edbb32e765296efe129e603fec6f http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1.orig.tar.gz Size/MD5 checksum: 4329330 67c8ee71b0539d369231764b19cc787e Architecture independent components: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.6.0.dfsg.1-4sarge1_all.deb Size/MD5 checksum: 888620 2fe92277b2bd97e3440234fb65817fac Alpha architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_alpha.deb Size/MD5 checksum: 374622 e83523a6abcb34c15d1c9f32c371089c http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_alpha.deb Size/MD5 checksum: 2758858 28c6d5160b86915dfcdac14bdb4f06c7 AMD64 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_amd64.deb Size/MD5 checksum: 340890 80a175aa2524814233248fac42766563 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_amd64.deb Size/MD5 checksum: 2643524 6e1771cf2c74e2154c6cc22c62f4681d ARM architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_arm.deb Size/MD5 checksum: 333436 6def0c031898c5ec8246ccc0dd2511e6 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_arm.deb Size/MD5 checksum: 2639280 95872038843c495c25793f95c9ba2580 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_i386.deb Size/MD5 checksum: 331954 aedcbf3efa10e18e2853d67006aa21d1 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_i386.deb Size/MD5 checksum: 2625970 47c01f7b6c84046dfbf9a6a2915ae175 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_ia64.deb Size/MD5 checksum: 409386 3f688ee42afd52b1ee6a7a3a46435c14 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_ia64.deb Size/MD5 checksum: 2853944 8de1e21285619250aef448616a577bed HP Precision architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_hppa.deb Size/MD5 checksum: 351444 8ee33d936f8e4a07e4035e1160a84036 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_hppa.deb Size/MD5 checksum: 2681792 d0a273db4abcfc9231a19332ad843c1d Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_m68k.deb Size/MD5 checksum: 307588 9908a5d79b36a911c4f46215ebd02862 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_m68k.deb Size/MD5 checksum: 2569634 222e9afbaa4bcb7182031ed72af4bc28 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mips.deb Size/MD5 checksum: 348636 f750bed26179ba592aea5e4d79f3e2bb http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mips.deb Size/MD5 checksum: 2657484 432448d5d3ae242f95604aee81edc252 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mipsel.deb Size/MD5 checksum: 346952 32515c7690ce503fbe1651122b7795ad http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mipsel.deb Size/MD5 checksum: 2656172 7ff1f217d75468a101f09c67e6674604 PowerPC architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_powerpc.deb Size/MD5 checksum: 339274 7d54740e5324c9d50b6114c6cb84ccb2 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_powerpc.deb Size/MD5 checksum: 2651374 973073875b386fd8ac3fbfa7b77b2147 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_s390.deb Size/MD5 checksum: 336618 acb44c42b2a086051324c1a647875bb4 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_s390.deb Size/MD5 checksum: 2641718 5713c0271c677bb6d172ce0df82f7b96 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_sparc.deb Size/MD5 checksum: 330882 32e90607bd43ebb138af8fb5ba168934 http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_sparc.deb Size/MD5 checksum: 2626822 e763b98558e078806c0bb357ec3fc2ee These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEFotzXm3vHE4uyloRArw4AJ9VOxrt+sHceKJ1vBZHFgKzrACL7QCfVW26 dAZXdtXQq8wmIr8HrnWcYy0= =YvAw -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/