-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 949-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 20th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------
Package : crawl Vulnerability : insecure program execution Problem type : local Debian-specific: no CVE ID : CVE-2006-0044 Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges. For the old stable distribution (woody) this problem has been fixed in version 4.0.0beta23-2woody2. For the stable distribution (sarge) this problem has been fixed in version 4.0.0beta26-4sarge0. For the unstable distribution (sid) this problem has been fixed in version 4.0.0beta26-7. We recommend that you upgrade your crawl package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.dsc Size/MD5 checksum: 615 3f43365164bb10f1e1acf6978cb40b96 http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.diff.gz Size/MD5 checksum: 6982 59cb94176b9b70553b12ca6cedd87c34 http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz Size/MD5 checksum: 1047863 6b988caff871f0df1c8f3cc907f2fce6 Alpha architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_alpha.deb Size/MD5 checksum: 846396 f9bc757f015f556a80ecaae3b02d48c1 ARM architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_arm.deb Size/MD5 checksum: 612204 287415a45872ef965aba999a64c83298 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_i386.deb Size/MD5 checksum: 597416 d1a3b10417453873118380d75c074516 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_ia64.deb Size/MD5 checksum: 873002 b6f756cc288bd81c8be43cc7a1b1cb31 HP Precision architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_hppa.deb Size/MD5 checksum: 710704 66c4a5c9277e542247883f1de8775fd1 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_m68k.deb Size/MD5 checksum: 582424 ea8e73fad36a8715025aa8b55143c1bd Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mips.deb Size/MD5 checksum: 682570 32a1e35f4f6f337fcffc36f17dd305fe Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mipsel.deb Size/MD5 checksum: 680114 e208b391467dcbe619f3644f890afddd PowerPC architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_powerpc.deb Size/MD5 checksum: 627098 341b7a34dfb134ca29432f46194eba08 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_s390.deb Size/MD5 checksum: 595318 cc5e2b868ff1347e31c1439ef0b163d8 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_sparc.deb Size/MD5 checksum: 618824 9e320393a2160741925518dac490d3bb Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.dsc Size/MD5 checksum: 605 82e38ba8b803845dfbcedddc5c434951 http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.diff.gz Size/MD5 checksum: 9558 720e80e44a34e38026ba2e92cd54e3bf http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26.orig.tar.gz Size/MD5 checksum: 1111555 8419fb9f161e91e6b1972cdd43b2ac29 Alpha architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_alpha.deb Size/MD5 checksum: 862362 4527606c8e871fd1ee2102ab906becc5 AMD64 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_amd64.deb Size/MD5 checksum: 694574 8beb58cd0111793f82a19022a63b730e ARM architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_arm.deb Size/MD5 checksum: 684734 002f5e953c2504f4be1224f93da14eb1 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_i386.deb Size/MD5 checksum: 673920 12d2c975ea9f75f4c5bfedaa5c1e297c Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_ia64.deb Size/MD5 checksum: 951644 258b23be336ea596e863ca0518e870ed HP Precision architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_hppa.deb Size/MD5 checksum: 769528 fae9f289e054d503b5c0290be2f19712 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_m68k.deb Size/MD5 checksum: 594756 6234a30fd30de32b40de5eb8d19e60e4 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mips.deb Size/MD5 checksum: 749624 beeb446cfba816f535c6ae6e4c791151 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mipsel.deb Size/MD5 checksum: 748692 d7cd95b1bab7bbae1739ccca6c72374b PowerPC architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_powerpc.deb Size/MD5 checksum: 701548 e097d40e9a22f2eda2e5da35f71ece6d IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_s390.deb Size/MD5 checksum: 656932 5b044f1c47161aea9a0a1d418c989f15 Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_sparc.deb Size/MD5 checksum: 670026 71a59cdce362ac861e65f172af1c9e93 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD0P4gW5ql+IAeqTIRAp9rAJ4vBELMqCUpq8/3sNQ1yJESYo7GjgCfRyM8 yUkz0Lsk17OXiPkOu/UndMk= =4Few -----END PGP SIGNATURE-----