Linux Today: Linux News On Internet Time.







Advisories, January 22, 2006

Jan 23, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 946-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 20th, 2006 http://www.debian.org/security/faq


Package : sudo
Vulnerability : missing input sanitising
Problem type : local
Debian-specific: no
CVE IDs : CVE-2005-4158 CVE-2006-0151
Debian Bug : 342948

It has been discovered that sudo, a privileged program that provides limited superuser privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages), this can cause arbitrary code to be executed as a privileged user if the attacker points to a manipulated version of a system library.

This update alters the former behaviour of sudo and limits the number of supported environment variables to LC_*, LANG, LANGUAGE and TERM. Additional variables are only passed through when set as env_check in /etc/sudoers, which might be required for some scripts to continue to work.

For the old stable distribution (woody) this problem has been fixed in version 1.6.6-1.5.

For the stable distribution (sarge) this problem has been fixed in version 1.6.8p7-1.3.

For the unstable distribution (sid) this problem has been fixed in version 1.6.8p12-1.

We recommend that you upgrade your sudo package. For unstable, "Defaults = env_reset" needs to be added to /etc/sudoers manually.
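The allow-list behaviour this update introduces (LC_*, LANG, LANGUAGE and TERM, plus variables named as env_check), sketched in C as an added example; it is not sudo's source code. The function names, the constructed sample environment and the rule that an env_check variable is dropped when its value contains '/' or '%' (taken from the sudoers manual's description of env_check) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variables the advisory says the fixed sudo still passes through. */
static const char *const BASE_ALLOW[] = { "LC_*", "LANG", "LANGUAGE", "TERM", NULL };

/* Hypothetical admin additions, standing in for an env_check line in /etc/sudoers. */
const char *const DEMO_ENV_CHECK[] = { "DISPLAY", "EDITOR", NULL };

/* Constructed sample of an invoking user's environment (not captured data). */
static const char *const SAMPLE_ENV[] = {
    "LANG=en_US.UTF-8", "LC_ALL=C", "TERM=xterm",
    "PERL5LIB=/tmp/lib", "PYTHONPATH=/tmp/py", "RUBYLIB=/tmp/rb",
    "DISPLAY=:0.0", "EDITOR=/tmp/ed", "=bogus", "NOEQUALS", NULL
};

/* Compare a name of length n with a pattern; a trailing '*' is a prefix wildcard. */
static int name_matches(const char *pat, const char *name, size_t n)
{
    size_t plen = strlen(pat);
    if (plen > 0 && pat[plen - 1] == '*')
        return n >= plen - 1 && strncmp(pat, name, plen - 1) == 0;
    return plen == n && strncmp(pat, name, n) == 0;
}

/* Return 1 if the name matches any pattern in a NULL-terminated list. */
static int in_list(const char *const *list, const char *name, size_t n)
{
    if (list == NULL)
        return 0;
    for (; *list != NULL; list++)
        if (name_matches(*list, name, n))
            return 1;
    return 0;
}

/* Return 1 if a "NAME=value" entry may reach the privileged program. */
int env_entry_allowed(const char *entry, const char *const *env_check)
{
    const char *eq = strchr(entry, '=');
    size_t n;

    if (eq == NULL || eq == entry)
        return 0;                              /* malformed: no '=' or empty name */
    n = (size_t)(eq - entry);
    if (in_list(BASE_ALLOW, entry, n))
        return 1;                              /* always-passed locale/terminal variables */
    if (in_list(env_check, entry, n))
        return strpbrk(eq + 1, "/%") == NULL;  /* assumption: the env_check value test */
    return 0;                                  /* everything else is dropped */
}

/* Copy the allowed entries of `in` into `out` (NULL-terminated); return how many were kept. */
size_t build_clean_env(const char *const *in, const char *const *env_check,
                       const char **out, size_t cap)
{
    size_t k = 0;

    if (cap == 0)
        return 0;
    for (; *in != NULL; in++)
        if (k + 1 < cap && env_entry_allowed(*in, env_check))
            out[k++] = *in;
    out[k] = NULL;
    return k;
}

/* Run the filter over the constructed sample and return the number of survivors. */
size_t demo_clean_count(void)
{
    const char *out[16];
    return build_clean_env(SAMPLE_ENV, DEMO_ENV_CHECK, out, 16);
}

int main(void)
{
    const char *out[16];
    size_t i, n = build_clean_env(SAMPLE_ENV, DEMO_ENV_CHECK, out, 16);

    for (i = 0; i < n; i++)
        printf("kept: %s\n", out[i]);
    return 0;
}
```

The interpreter search-path variables in the sample (PERL5LIB, PYTHONPATH, RUBYLIB) never reach the output because they are neither in the base list nor named as env_check.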

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 947-1 security@debian.org
http://www.debian.org/security/ Michael Stone
January 21st, 2006 http://www.debian.org/security/faq


Package : clamav
Vulnerability : heap overflow
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0162
Debian Bug : 320014

A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.

The old stable distribution (woody) does not include ClamAV.

For the stable distribution (sarge) this problem has been fixed in version 0.84-2.sarge.7.

For the unstable distribution (sid) this problem has been fixed in version 0.86.2-1.

We recommend that you upgrade your clamav package immediately.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 948-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 20th, 2005 http://www.debian.org/security/faq


Package : kdelibs
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-0019

Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 3.3.2-6.4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your kdelibs package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 949-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 20th, 2006 http://www.debian.org/security/faq


Package : crawl
Vulnerability : insecure program execution
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-0044

Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.

For the old stable distribution (woody) this problem has been fixed in version 4.0.0beta23-2woody2.

For the stable distribution (sarge) this problem has been fixed in version 4.0.0beta26-4sarge0.

For the unstable distribution (sid) this problem has been fixed in version 4.0.0beta26-7.

We recommend that you upgrade your crawl package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



Debian GNU/Linux 3.1 alias sarge

