[SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution
Date: Tue, 14 Mar 2006 10:24:34 +0100
From: Moritz Muehlenhoff <jmm@inutil.org.>
Subject: [SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution
Priority: urgent
Resent-Message-ID: <216FcC.A.qpG.xvoFEB@murphy.>
Reply-To: [email protected]
Mail-Followup-To: [email protected]
To: [email protected]
Resent-Date: Tue, 14 Mar 2006 03:25:05 -0600 (CST)
Resent-From: [email protected] (Mailing List Manager)
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1001-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
March 14th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : crossfire
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-1010
It was discovered that Crossfire, a multiplayer adventure game, performs
insufficient bounds checking on network packets when run in "oldsocketmode",
which may possibly lead to the execution of arbitrary code.
For the old stable distribution (woody) this problem has been fixed in
version 1.1.0-1woody1.
For the stable distribution (sarge) this problem has been fixed in
version 1.6.0.dfsg.1-4sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 1.9.0-1.
We recommend that you upgrade your crossfire packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.dsc
Size/MD5 checksum: 646 4ff35e7baf70ac9b4d876a343df40523
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.diff.gz
Size/MD5 checksum: 46407 7071659d9ec374fb41e20c5016f3a238
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0.orig.tar.gz
Size/MD5 checksum: 3057431 824e6d9a91ee0321629a9e99ad4e264f
Architecture independent components:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.1.0-1woody1_all.deb
Size/MD5 checksum: 584300 aa7bf89a453427102d7eec4901958158
Alpha architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_alpha.deb
Size/MD5 checksum: 193680 4553b585641d5db5f9d3e903cbbe6398
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_alpha.deb
Size/MD5 checksum: 2097780 26d3b684b495b0f76fa405baffff8a9c
ARM architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_arm.deb
Size/MD5 checksum: 156280 fb833dd6ddea050831a878f4d5dac277
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_arm.deb
Size/MD5 checksum: 1993866 fc828be05ece9869a8b09efda952ac47
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_i386.deb
Size/MD5 checksum: 141064 04096cf1a3b3f82ad6a1b2d75e125990
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_i386.deb
Size/MD5 checksum: 1954024 24b5735f4f798b110e11cab773b94e5f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_ia64.deb
Size/MD5 checksum: 243704 13d507b4def182c7eb01b0aaa3542e29
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_ia64.deb
Size/MD5 checksum: 2223706 5ff21345dda8ae6f76165f9b96834b0b
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_hppa.deb
Size/MD5 checksum: 175512 7a53530fe3a05303eef58f1306c761dc
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_hppa.deb
Size/MD5 checksum: 2047542 77c5b0976be319841e9f7d9a494633e9
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_m68k.deb
Size/MD5 checksum: 134514 73f71be557835f00d90110c0e26b585c
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_m68k.deb
Size/MD5 checksum: 1925234 7b19ddb9146470eed7476a9ddcb6df9d
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mips.deb
Size/MD5 checksum: 170386 64dcc9e48ef8cad2c7f49d912c48af4c
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mips.deb
Size/MD5 checksum: 2034962 8c961860a9608559ffcbb3491e3aa91d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mipsel.deb
Size/MD5 checksum: 169156 128739ca220efa5f4c99aa75ba372e48
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mipsel.deb
Size/MD5 checksum: 2034944 d4c48f6b3321ab16858019fb24a990f4
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_powerpc.deb
Size/MD5 checksum: 159470 9b7d6cd71d50bf74c0d86de967583e95
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_powerpc.deb
Size/MD5 checksum: 1998154 e22fc08568e1ad53d00232974ae4a9b1
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_s390.deb
Size/MD5 checksum: 146038 77725d3b5096df841f4cc07122c7c374
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_s390.deb
Size/MD5 checksum: 1969130 3419823da4526d93c4ff51422944b292
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_sparc.deb
Size/MD5 checksum: 156446 5c15333247f6b01c5fe0f82f74793a05
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_sparc.deb
Size/MD5 checksum: 1986454 86501cb8bbdde74d5ed1daa3e28fa1b1
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.dsc
Size/MD5 checksum: 710 47cf0dc050c3dc4db58feeac549aed6a
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.diff.gz
Size/MD5 checksum: 283564 f407edbb32e765296efe129e603fec6f
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1.orig.tar.gz
Size/MD5 checksum: 4329330 67c8ee71b0539d369231764b19cc787e
Architecture independent components:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.6.0.dfsg.1-4sarge1_all.deb
Size/MD5 checksum: 888620 2fe92277b2bd97e3440234fb65817fac
Alpha architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_alpha.deb
Size/MD5 checksum: 374622 e83523a6abcb34c15d1c9f32c371089c
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_alpha.deb
Size/MD5 checksum: 2758858 28c6d5160b86915dfcdac14bdb4f06c7
AMD64 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_amd64.deb
Size/MD5 checksum: 340890 80a175aa2524814233248fac42766563
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_amd64.deb
Size/MD5 checksum: 2643524 6e1771cf2c74e2154c6cc22c62f4681d
ARM architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_arm.deb
Size/MD5 checksum: 333436 6def0c031898c5ec8246ccc0dd2511e6
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_arm.deb
Size/MD5 checksum: 2639280 95872038843c495c25793f95c9ba2580
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_i386.deb
Size/MD5 checksum: 331954 aedcbf3efa10e18e2853d67006aa21d1
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_i386.deb
Size/MD5 checksum: 2625970 47c01f7b6c84046dfbf9a6a2915ae175
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_ia64.deb
Size/MD5 checksum: 409386 3f688ee42afd52b1ee6a7a3a46435c14
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_ia64.deb
Size/MD5 checksum: 2853944 8de1e21285619250aef448616a577bed
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_hppa.deb
Size/MD5 checksum: 351444 8ee33d936f8e4a07e4035e1160a84036
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_hppa.deb
Size/MD5 checksum: 2681792 d0a273db4abcfc9231a19332ad843c1d
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_m68k.deb
Size/MD5 checksum: 307588 9908a5d79b36a911c4f46215ebd02862
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_m68k.deb
Size/MD5 checksum: 2569634 222e9afbaa4bcb7182031ed72af4bc28
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mips.deb
Size/MD5 checksum: 348636 f750bed26179ba592aea5e4d79f3e2bb
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mips.deb
Size/MD5 checksum: 2657484 432448d5d3ae242f95604aee81edc252
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mipsel.deb
Size/MD5 checksum: 346952 32515c7690ce503fbe1651122b7795ad
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mipsel.deb
Size/MD5 checksum: 2656172 7ff1f217d75468a101f09c67e6674604
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_powerpc.deb
Size/MD5 checksum: 339274 7d54740e5324c9d50b6114c6cb84ccb2
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_powerpc.deb
Size/MD5 checksum: 2651374 973073875b386fd8ac3fbfa7b77b2147
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_s390.deb
Size/MD5 checksum: 336618 acb44c42b2a086051324c1a647875bb4
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_s390.deb
Size/MD5 checksum: 2641718 5713c0271c677bb6d172ce0df82f7b96
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_sparc.deb
Size/MD5 checksum: 330882 32e90607bd43ebb138af8fb5ba168934
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_sparc.deb
Size/MD5 checksum: 2626822 e763b98558e078806c0bb357ec3fc2ee
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEFotzXm3vHE4uyloRArw4AJ9VOxrt+sHceKJ1vBZHFgKzrACL7QCfVW26
dAZXdtXQq8wmIr8HrnWcYy0=
=YvAw
-----END PGP SIGNATURE-----