Linux Today: Linux News On Internet Time.


Advisories, February 16, 2006

Feb 17, 2006, 04:45

Debian GNU/Linux

Debian Security Advisory DSA 977-1 Martin Schulze
February 16th, 2006

Package : heimdal
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0582 CVE-2006-0677

Two vulnerabilities have been discovered in heimdal, a free implementation of Kerberos 5. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:


CVE-2006-0582

    Privilege escalation in the rsh server allows an authenticated attacker to overwrite arbitrary files and gain ownership of them.

CVE-2006-0677

    A remote attacker could force the telnet server to crash before the user logged in, resulting in inetd turning telnetd off because it forked too fast.

The old stable distribution (woody) does not expose rsh and telnet servers.

For the stable distribution (sarge) these problems have been fixed in version 0.6.3-10sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your heimdal packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution on its next update.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200602-08

Severity: High
Title: libtasn1, GNU TLS: Security flaw in DER decoding
Date: February 16, 2006
Bugs: #122307
ID: 200602-08


A flaw in the parsing of Distinguished Encoding Rules (DER) has been discovered in libtasn1, potentially resulting in the execution of arbitrary code.


Libtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One) objects, and perform DER (Distinguished Encoding Rules) decoding. Libtasn1 is included with the GNU TLS library, which is used by applications to provide a cryptographically secure communications channel.

Affected packages

     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libtasn1      < 0.2.18                          >= 0.2.18
  2  net-libs/gnutls        < 1.2.10                          >= 1.2.10
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.


Evgeny Legerov has reported a flaw in the DER decoding routines provided by libtasn1, which could cause an out of bounds access to occur.


A remote attacker could cause an application using libtasn1 to crash and potentially execute arbitrary code by sending specially crafted input.
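
To illustrate the class of bug described above, the following added example (not libtasn1's code and not a reproduction of the reported flaw) reads one DER tag-length-value header in C and checks every declared length against the bytes that actually remain. The names `der_tlv`, `der_read_tlv` and `der_sample_truncated`, and the sample bytes, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: OCTET STRING declaring 0x0100 content octets, 2 present. */
static const uint8_t der_sample_truncated[] = { 0x04, 0x82, 0x01, 0x00, 0xaa, 0xbb };

/* Result of parsing one DER tag-length-value header (hypothetical type). */
struct der_tlv {
    uint8_t tag;          /* identifier octet (low-tag-number form only) */
    const uint8_t *value; /* points into the caller's buffer */
    size_t len;           /* number of content octets */
    size_t total;         /* header + content octets consumed */
};

/* Parse one TLV from buf[0..buflen). Returns 0 on success, -1 on malformed
 * or truncated input. No octet is read before its index is checked, and the
 * declared length is compared with the octets that remain in the buffer. */
int der_read_tlv(const uint8_t *buf, size_t buflen, struct der_tlv *out)
{
    size_t pos = 0, len = 0;

    if (buf == NULL || out == NULL || buflen < 2)
        return -1;
    if ((buf[0] & 0x1f) == 0x1f)          /* high-tag-number form: not handled */
        return -1;
    out->tag = buf[pos++];
    uint8_t first = buf[pos++];
    if (first < 0x80) {                   /* short form: length in one octet */
        len = first;
    } else {
        size_t n = first & 0x7f;          /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t)) /* 0x80 is indefinite, invalid in DER */
            return -1;
        if (n > buflen - pos)             /* the length octets must be present */
            return -1;
        if (buf[pos] == 0)                /* DER: no leading zero length octet */
            return -1;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)                   /* DER: short form was required */
            return -1;
    }
    if (len > buflen - pos)               /* declared length exceeds the input */
        return -1;
    out->value = buf + pos;
    out->len = len;
    out->total = pos + len;
    return 0;
}
```

A decoder that skips the final comparison trusts the attacker-supplied length and reads past the end of the buffer when handed input like `der_sample_truncated`.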


There is no known workaround at this time.


All libtasn1 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-0.2.18"

All GNU TLS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/gnutls-1.2.10"


[ 1 ] CVE-2006-0645


This GLSA and any updates to it are available for viewing at the Gentoo Security Website:


Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at


Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Gentoo Linux Security Advisory GLSA 200602-09

Severity: High
Title: BomberClone: Remote execution of arbitrary code
Date: February 16, 2006
Bugs: #121605
ID: 200602-09


BomberClone is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.


BomberClone is a remake of the classic game "BomberMan". It supports multiple players via IP network connection.

Affected packages

     Package                   /    Vulnerable    /         Unaffected

  1  games-action/bomberclone      <        >=


Stefan Cornelius of the Gentoo Security team discovered multiple missing buffer checks in BomberClone's code.


By sending overly long error messages to the game via network, a remote attacker may exploit buffer overflows to execute arbitrary code with the rights of the user running BomberClone.


There is no known workaround at this time.


All BomberClone users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-action/bomberclone-"


[ 1 ] CVE-2006-0460