DSA 949-1: New crawl packages fix potential group games execution
Posted on: 01/20/2006 04:52 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 949-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 20th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : crawl
Vulnerability : insecure program execution
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-0044

Steve Kemp from the Debian Security Audit project discovered a
security related problem in crawl, another console based dungeon
exploration game in the vein of nethack and rogue. The program
executes commands insecurely when saving or loading games which can
allow local attackers to gain group games privileges.

For the old stable distribution (woody) this problem has been fixed in
version 4.0.0beta23-2woody2.

For the stable distribution (sarge) this problem has been fixed in
version 4.0.0beta26-4sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.0beta26-7.

We recommend that you upgrade your crawl package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.dsc
Size/MD5 checksum: 615 3f43365164bb10f1e1acf6978cb40b96
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.diff.gz
Size/MD5 checksum: 6982 59cb94176b9b70553b12ca6cedd87c34
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz
Size/MD5 checksum: 1047863 6b988caff871f0df1c8f3cc907f2fce6

Alpha architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_alpha.deb
Size/MD5 checksum: 846396 f9bc757f015f556a80ecaae3b02d48c1

ARM architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_arm.deb
Size/MD5 checksum: 612204 287415a45872ef965aba999a64c83298

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_i386.deb
Size/MD5 checksum: 597416 d1a3b10417453873118380d75c074516

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_ia64.deb
Size/MD5 checksum: 873002 b6f756cc288bd81c8be43cc7a1b1cb31

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_hppa.deb
Size/MD5 checksum: 710704 66c4a5c9277e542247883f1de8775fd1

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_m68k.deb
Size/MD5 checksum: 582424 ea8e73fad36a8715025aa8b55143c1bd

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mips.deb
Size/MD5 checksum: 682570 32a1e35f4f6f337fcffc36f17dd305fe

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mipsel.deb
Size/MD5 checksum: 680114 e208b391467dcbe619f3644f890afddd

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_powerpc.deb
Size/MD5 checksum: 627098 341b7a34dfb134ca29432f46194eba08

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_s390.deb
Size/MD5 checksum: 595318 cc5e2b868ff1347e31c1439ef0b163d8

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_sparc.deb
Size/MD5 checksum: 618824 9e320393a2160741925518dac490d3bb


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.dsc
Size/MD5 checksum: 605 82e38ba8b803845dfbcedddc5c434951
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.diff.gz
Size/MD5 checksum: 9558 720e80e44a34e38026ba2e92cd54e3bf
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26.orig.tar.gz
Size/MD5 checksum: 1111555 8419fb9f161e91e6b1972cdd43b2ac29

Alpha architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_alpha.deb
Size/MD5 checksum: 862362 4527606c8e871fd1ee2102ab906becc5

AMD64 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_amd64.deb
Size/MD5 checksum: 694574 8beb58cd0111793f82a19022a63b730e

ARM architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_arm.deb
Size/MD5 checksum: 684734 002f5e953c2504f4be1224f93da14eb1

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_i386.deb
Size/MD5 checksum: 673920 12d2c975ea9f75f4c5bfedaa5c1e297c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_ia64.deb
Size/MD5 checksum: 951644 258b23be336ea596e863ca0518e870ed

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_hppa.deb
Size/MD5 checksum: 769528 fae9f289e054d503b5c0290be2f19712

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_m68k.deb
Size/MD5 checksum: 594756 6234a30fd30de32b40de5eb8d19e60e4

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mips.deb
Size/MD5 checksum: 749624 beeb446cfba816f535c6ae6e4c791151

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mipsel.deb
Size/MD5 checksum: 748692 d7cd95b1bab7bbae1739ccca6c72374b

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_powerpc.deb
Size/MD5 checksum: 701548 e097d40e9a22f2eda2e5da35f71ece6d

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_s390.deb
Size/MD5 checksum: 656932 5b044f1c47161aea9a0a1d418c989f15

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_sparc.deb
Size/MD5 checksum: 670026 71a59cdce362ac861e65f172af1c9e93


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0P4gW5ql+IAeqTIRAp9rAJ4vBELMqCUpq8/3sNQ1yJESYo7GjgCfRyM8
yUkz0Lsk17OXiPkOu/UndMk=
=4Few
-----END PGP SIGNATURE-----
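
The manual upgrade path in the advisory (wget, then dpkg -i) does not itself check the downloaded file against the "Size/MD5 checksum" entry listed for it. The following is an added example, not part of the advisory or of any Debian tool, that looks up a file's entry in a saved copy of the advisory text and compares size and MD5 before installation; the function names advisory_entry and verify_download and the file name dsa-949-1.txt are assumptions.

```shell
#!/bin/sh
# Added example: check a download against the advisory manifest, whose
# entries are a URL line followed by "Size/MD5 checksum: <bytes> <md5>".
# The checksums are only as trustworthy as the advisory text itself, so
# verify its PGP signature (gpg --verify) first. MD5 is collision-weak
# and is used here only because it is what this advisory publishes.

# Print "<size> <md5>" for the entry whose URL ends in /<file>.
# Exit status 1 if the advisory lists no such file.
advisory_entry() {
    advisory=$1 file=$2
    awk -v f="/$file" '
        want && /Size\/MD5 checksum:/ { print $(NF-1), $NF; found = 1; exit }
        { want = 0 }   # the checksum line must directly follow its URL
        $1 ~ /^(https?|ftp):\/\// {
            url = $1
            if (length(url) >= length(f) &&
                substr(url, length(url) - length(f) + 1) == f) want = 1
        }
        END { exit !found }
    ' "$advisory"
}

# Return 0 only if <path> has the size and MD5 listed for its file name;
# 1 on a mismatch, 2 if the advisory has no entry for it.
verify_download() {
    advisory=$1 path=$2
    entry=$(advisory_entry "$advisory" "$(basename "$path")") || {
        echo "no manifest entry for $path" >&2; return 2; }
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$path" | tr -d ' ')
    have_md5=$(md5sum "$path" | cut -d' ' -f1)
    [ "$have_size" = "$want_size" ] || {
        echo "size mismatch: $path ($have_size != $want_size)" >&2; return 1; }
    [ "$have_md5" = "$want_md5" ] || {
        echo "MD5 mismatch: $path" >&2; return 1; }
    echo "OK: $path"
}

# Usage, with the advisory saved as dsa-949-1.txt (assumed file name):
#   verify_download dsa-949-1.txt crawl_4.0.0beta26-4sarge0_i386.deb \
#       && dpkg -i crawl_4.0.0beta26-4sarge0_i386.deb
```

When the apt-get route is used instead, apt performs its own archive checks and this manual step is not needed.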



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_949_1_new_crawl_packages_fix_potential_group_games_execution.html)