---

Advisories, April 17, 2006

Debian GNU/Linux


Debian Security Advisory DSA 1036-1 [email protected]
http://www.debian.org/security/
Steve Kemp
April 17th, 2006 http://www.debian.org/security/faq


Package : bsdgames
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
Debian Bug : 360989
CVE ID : CVE-2006-1744

A buffer overflow problem has been discovered in sail, a game
contained in the bsdgames package, a collection of classic textual
Unix games, which could lead to games group privilege
escalation.

For the old stable distribution (woody) this problem has been
fixed in version 2.13-7woody0.

For the stable distribution (sarge) this problem has been fixed
in version 2.7.59-7sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 2.17-7.

We recommend that you upgrade your bsdgames package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.dsc

      Size/MD5 checksum: 619
0cbc1e14e3f0b4984e8d98985c6d1f6a
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.diff.gz

      Size/MD5 checksum: 11953
3df403ce4490285f5cd42c2be3b28157
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13.orig.tar.gz

      Size/MD5 checksum: 2340094
cf33f61ce1f0c09a7473ac26a4a0a6ec

Alpha architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_alpha.deb

      Size/MD5 checksum: 951546
01c6877b6279474d70038c04769fe10b

ARM architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_arm.deb

      Size/MD5 checksum: 825156
aa85fd9b7d5b1b0686d617f70c986415

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_i386.deb

      Size/MD5 checksum: 792272
0df5fd34239cdaf52e77b51bd964fec1

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_ia64.deb

      Size/MD5 checksum: 1080424
f6c31e672b7fb022957fdf5ffffcc2b3

HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_hppa.deb

      Size/MD5 checksum: 902062
ce94b4c1236ff0a547b8787542163a99

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_m68k.deb

      Size/MD5 checksum: 773600
e9e234782008e026f4f9d6fcfcc3663c

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mips.deb

      Size/MD5 checksum: 886536
90b5e1cb86e8a6af42238312377b0b3e

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mipsel.deb

      Size/MD5 checksum: 877910
bc782bfdbf7f06c7c0493e8087c0e0c2

PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_powerpc.deb

      Size/MD5 checksum: 844230
79740beab215f0bbe9c2db402f618980

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_s390.deb

      Size/MD5 checksum: 831284
668c366d766dfde80fad3db29022f20a

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_sparc.deb

      Size/MD5 checksum: 928022
b122af325cfdbc115a4f65ace24acf67

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.dsc

      Size/MD5 checksum: 640
4f711fd516a61813f1a3365699b5228e
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.diff.gz

      Size/MD5 checksum: 11320
a83f445ca93fcc857e23774658adf6e0
    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17.orig.tar.gz

      Size/MD5 checksum: 2563311
238a38a3a017ca9b216fc42bde405639

Alpha architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_alpha.deb

      Size/MD5 checksum: 1174660
5efca9433af26290a847a2038e0ae4e6

AMD64 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_amd64.deb

      Size/MD5 checksum: 1026244
131a5f257d2dd1318e035b24ac0fab2a

ARM architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_arm.deb

      Size/MD5 checksum: 990704
f20c4c664fc79a956e9fb8e1d83fc4dd

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_i386.deb

      Size/MD5 checksum: 963154
521cc98b003db27c2bbf05afba7cea27

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_ia64.deb

      Size/MD5 checksum: 1312824
fb241efb5d1e5fb2d81ac95884e5ce6c

HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_hppa.deb

      Size/MD5 checksum: 1090242
358e7b6a7b3e3bd64dcee450a188ca88

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_m68k.deb

      Size/MD5 checksum: 915186
ca87f4cfd2269b14e01e9a5e477ae572

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mips.deb

      Size/MD5 checksum: 1123552
2760a604b73c3790bc03d822642a57c3

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mipsel.deb

      Size/MD5 checksum: 1113750
f33c43e795393cce5c4970da3337d85c

PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_powerpc.deb

      Size/MD5 checksum: 1050436
3bf8227a181b7884559c7061ea693335

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_s390.deb

      Size/MD5 checksum: 1029590
5ec74d0de424b23f5e2bbc39673e30bb

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_sparc.deb

      Size/MD5 checksum: 998460
11ae88f58a70f60aad5ccbb62e96f211

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200604-08


http://security.gentoo.org/


Severity: Normal
Title: libapreq2: Denial of Service vulnerability
Date: April 17, 2006
Bugs: #128610
ID: 200604-08


Synopsis

A vulnerability has been reported in libapreq2 which could lead
to a Denial of Service.

Background

libapreq is a shared library with associated modules for
manipulating client request data via the Apache API.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  www-apache/libapreq2       < 2.07                         >= 2.07

Description

A vulnerability has been reported in the apreq_parse_headers()
and apreq_parse_urlencoded() functions of Apache2::Request.

Impact

A remote attacker could possibly exploit the vulnerability to
cause a Denial of Service by CPU consumption.

Workaround

There is no known workaround at this time.

Resolution

All libapreq2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.07"

References

[ 1 ] CVE-2006-0042

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0042

[ 2 ] libapreq2 Changes


http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:072
http://www.mandriva.com/security/


Package : kernel
Date : April 17, 2006
Affected: Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A number of vulnerabilities were discovered and corrected in the
Linux 2.6 kernel:

Prior to Linux kernel 2.6.5, a numeric casting discrepancy in
sdla_xfer allowed local users to read portions of kernel memory
(CVE-2004-2607).

Prior to 2.6.12, multiple “range checking flaws” in the ISO9660
filesystem handler could allow attackers to cause a DoS or corrupt
memory via a crafted filesystem (CVE-2005-0815).

Prior to 2.6.14-rc5, when running IPv6, the udp_v6_get_port
function allowed local users to cause a DoS (infinite loop and
crash) (CVE-2005-2973).

A race condition when threads are sharing memory mapping via
CLONE_VM could allow local users to cause a DoS (deadlock) by
triggering a core dump (CVE-2005-3106).

When one thread is tracing another thread that shares the same
memory map, local users could cause a DoS (deadlock) by
forcing a core dump (CVE-2005-3107).

A race condition in the ebtables netfilter module, when running
on an SMP system under heavy load, might allow remote attackers to
cause a DoS (crash) via a series of packets that cause a value to be
modified after it has been read but before it has been locked
(CVE-2005-3110).

Prior to 2.6.14.2, the ptrace functionality, using CLONE_THREAD,
does not use the thread group ID to check whether it is attaching
to itself, allowing local users to cause a DoS (crash)
(CVE-2005-3783).

Prior to 2.6.14, the IPv6 flow label handling code modified the
wrong variable in certain circumstances, which allowed local users
to corrupt kernel memory or cause a DoS (crash) by triggering a
free of nonallocated memory (CVE-2005-3806).

Prior to 2.6.12.6 and 2.6.13, a memory leak in the
icmp_push_reply function allowed remote attackers to cause a DoS
(memory consumption) via a large number of crafted packets
(CVE-2005-3848).

Prior to 2.6.15-rc3, the time_out_leases function allowed local
users to cause a DoS (kernel log message consumption) by causing a
large number of broken leases, which are recorded to the log using
the printk function (CVE-2005-3857).

In addition to these security fixes, other fixes have been
included such as:

  • fix nfs blocksize setting (bk tree)
  • update sata_sil to 0.9
  • update ndiswrapper to 1.0
  • update 3w-9xxx to 2.26.04.007 (9550SX support)
  • update tg3 “ng” (3.6)
  • add support for ATI IXP400 audio (alsa) and ide
  • add support for new sata_sil chipset for RS480 platforms
    (NEC)
  • add support for MCP51 IDE & NIC (nForce 430)
  • various x86_64 fixes from newer kernels
  • sata_nv: support for MCP51
  • piix: ICH7 support
  • add netcell and piccolo support
  • updated e100 and e1000 drivers from 2006
  • updated aic79xx

The provided packages are patched to fix these vulnerabilities.
All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located
at:

http://www.mandriva.com/en/security/kernelupdate


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3783

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857


Updated Packages:

Corporate 3.0:
f6616fba9e654a35e4790cc4503d7dc0
corporate/3.0/RPMS/kernel-2.6.3.31mdk-1-1mdk.i586.rpm
9e435e279b3a2de6bc3b893600d18933
corporate/3.0/RPMS/kernel-BOOT-2.6.3.31mdk-1-1mdk.i586.rpm
5f74a8004d02ec87b7f12bba021c6f6a
corporate/3.0/RPMS/kernel-enterprise-2.6.3.31mdk-1-1mdk.i586.rpm

463709928da83f9eaff7347dca277731
corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.31mdk-1-1mdk.i586.rpm

4d623beb36a409f300adb9a2abcb782d
corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.31mdk-1-1mdk.i586.rpm

ae070db81ce88a70a74e60e6ed0ddd9a
corporate/3.0/RPMS/kernel-secure-2.6.3.31mdk-1-1mdk.i586.rpm
ed34b5257ddceff31b4e7097c90da9d3
corporate/3.0/RPMS/kernel-smp-2.6.3.31mdk-1-1mdk.i586.rpm
e2916491b2b1e9e8fcace72656c6c6d8
corporate/3.0/RPMS/kernel-source-2.6.3-31mdk.i586.rpm
71c1e84859bd10aa13dbfdf38b27107f
corporate/3.0/RPMS/kernel-source-stripped-2.6.3-31mdk.i586.rpm
e93989bf2e25c73258bf769b8cff61fb
corporate/3.0/SRPMS/kernel-2.6.3.31mdk-1-1mdk.src.rpm

Corporate 3.0/X86_64:
06e84e162e5daaa17121aec16fde8a37
x86_64/corporate/3.0/RPMS/kernel-2.6.3.31mdk-1-1mdk.x86_64.rpm
2cca09b2cb90cefe786e7766fa732fa9
x86_64/corporate/3.0/RPMS/kernel-BOOT-2.6.3.31mdk-1-1mdk.x86_64.rpm

1f56b193cb6b4412a09243e90595524a
x86_64/corporate/3.0/RPMS/kernel-secure-2.6.3.31mdk-1-1mdk.x86_64.rpm

baf7a827f2e0994eac1d93e99060e5b0
x86_64/corporate/3.0/RPMS/kernel-smp-2.6.3.31mdk-1-1mdk.x86_64.rpm

85949fefb7e2be8248d843e1977ffa28
x86_64/corporate/3.0/RPMS/kernel-source-2.6.3-31mdk.x86_64.rpm
3d6bd0850c3dc497d68097a023800593
x86_64/corporate/3.0/RPMS/kernel-source-stripped-2.6.3-31mdk.x86_64.rpm

e93989bf2e25c73258bf769b8cff61fb
x86_64/corporate/3.0/SRPMS/kernel-2.6.3.31mdk-1-1mdk.src.rpm

Multi Network Firewall 2.0:
8f28ce72ba80cfe274f6b874ffd872a7
mnf/2.0/RPMS/kernel-2.6.3.31mdk-1-1mdk.i586.rpm
d920396687b976d6be02952319a346b9
mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.31mdk-1-1mdk.i586.rpm
8ce1c9bf7091048152723d06cdad7e04
mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.31mdk-1-1mdk.i586.rpm
5ce744875a7d3e5f29cd8e29c02460e5
mnf/2.0/RPMS/kernel-secure-2.6.3.31mdk-1-1mdk.i586.rpm
5139ebdc96d687e5ac6f10dc05c87849
mnf/2.0/RPMS/kernel-smp-2.6.3.31mdk-1-1mdk.i586.rpm
57345c3e2c354da4ddbc11449ceb124c
mnf/2.0/SRPMS/kernel-2.6.3.31mdk-1-1mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>