DSA 1102-1: New pinball packages fix privilege escalation
Posted on: 06/26/2006 05:12 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1102-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
June 26th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : pinball
Vulnerability : design error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2196

Steve Kemp from the Debian Security Audit project discovered that
pinball, a pinball simulator, can be tricked into loading level
plugins from user-controlled directories without dropping privileges.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in
version 0.3.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.3.1-6.

We recommend that you upgrade your pinball package.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.dsc
Size/MD5 checksum: 811 17ac5604e5bb7e13b938d84012c6ea7c
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.diff.gz
Size/MD5 checksum: 320626 5473ae87027018899b08f12c34ddd538
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1.orig.tar.gz
Size/MD5 checksum: 6082982 f28e8f49e0db8e9491e4d9f0c13c36c6

Architecture independent components:

http://security.debian.org/pool/updates/main/p/pinball/pinball-data_0.3.1-3sarge1_all.deb
Size/MD5 checksum: 5542524 c586ed47103f89443cf32f57984ac95c

Alpha architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_alpha.deb
Size/MD5 checksum: 189898 6168d325d265c72da1007aaa83c7b9bd
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_alpha.deb
Size/MD5 checksum: 325654 caeae82e416a40ad943ff38ce8c5eb98

AMD64 architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_amd64.deb
Size/MD5 checksum: 167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_amd64.deb
Size/MD5 checksum: 242432 36c44eed9de2d48089e7c396e270c98e

ARM architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_arm.deb
Size/MD5 checksum: 193056 52d5e3fb06e529326ae361f739915169
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_arm.deb
Size/MD5 checksum: 294198 4bc5b7e9d5b1cc0f0b90f91290cf0999

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_i386.deb
Size/MD5 checksum: 159576 b7fcaf42621d2c356de66c90ea19fab0
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_i386.deb
Size/MD5 checksum: 219780 7a4877a175b976ca20d25040e0fcab11

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_ia64.deb
Size/MD5 checksum: 221146 717fb85a21f4bd4a535200a7420e16b9
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_ia64.deb
Size/MD5 checksum: 315856 a9a8496a1d029a0d64afb00b0c5fd116

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_hppa.deb
Size/MD5 checksum: 191708 e97c652fb430dbaeb5d367f196ea1ba0
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_hppa.deb
Size/MD5 checksum: 300260 606404a0da99b9884229bee10849413e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_m68k.deb
Size/MD5 checksum: 160442 1ff1dd9d285de6e7300f8e7eb027c766
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_m68k.deb
Size/MD5 checksum: 223038 a7a4a5a997a05cf929b45529cd81942f

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mips.deb
Size/MD5 checksum: 166400 05f3ea274037ffb1a2b76fa5a802ff87
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_mips.deb
Size/MD5 checksum: 263344 ab1b99a12b3be3151f84e94a6073b27f

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mipsel.deb
Size/MD5 checksum: 165114 5275bf21b63a2a2c30148d7a7a3aface
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_mipsel.deb
Size/MD5 checksum: 263394 f287e3ee0a11745580f175585112632b

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_powerpc.deb
Size/MD5 checksum: 170788 bb51f1dc4d1f9a5cd7b244111b61bb42
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_powerpc.deb
Size/MD5 checksum: 245192 d390d54045f7ac70bf63164ba672a4d0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_s390.deb
Size/MD5 checksum: 152218 873670da1cc02dbe495c7254d4c5e316
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_s390.deb
Size/MD5 checksum: 214592 074ea5085ed5c727b9e4fcf9ce0574c2

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_sparc.deb
Size/MD5 checksum: 159116 43ba78279f91e1da5268c71af524b3ab
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_sparc.deb
Size/MD5 checksum: 233376 ec2531c5979bc0e6df6ec5f34d4d7d48


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEn1jjW5ql+IAeqTIRAvCLAJ9SRvjwVuQClzXvrpNch1WBBgtB5wCdHqhZ
bFTwjMf8G4MaC4jc9+hTxYs=
=s19d
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1102_1_new_pinball_packages_fix_privilege_escalation.html)