Debian Security Advisory DSA 398-1 | security@debian.org |
http://www.debian.org/security/ | Martin Schulze |
November 10th, 2003 | http://www.debian.org/security/faq |
Package | : | conquest |
Vulnerability | : | buffer overlow |
Problem-Type | : | local |
Debian-specific | : | no |
CVE Id | : | CAN-2003-0933 |
Steve Kemp discovered a buffer overflow in the environment
variable handling of conquest, a curses based, real-time,
multi-player space warfare game, which could lead a local attacker
to gain unauthorised access to the group conquest.
For the stable distribution (woody) this problem has been fixed
in version 7.1.1-6woody1.
For the unstable distribution (sid) this problem has been fixed
in version 7.2-5.
We recommend that you upgrade your conquest package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.dsc
Size/MD5 checksum: 606 89c7be20d34d9176d18eb51f28c7806e
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.diff.gz
Size/MD5 checksum: 32749 27d90e0b6719579833cb064a2b70dcdb
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1.orig.tar.gz
Size/MD5 checksum: 255029 c02891f6c0c4b8c73a82c1c8185e3025
Alpha architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_alpha.deb
Size/MD5 checksum: 366064 b6d212bd4a4880488195d47002e66981
ARM architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_arm.deb
Size/MD5 checksum: 227160 42399fea69c68ce63890e63b1b6c00ef
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_i386.deb
Size/MD5 checksum: 228846 f03fd6daf700e6f3bf8def68eff30d72
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_ia64.deb
Size/MD5 checksum: 402110 ffbff5ca106ee2d41b28aa15e61f74ce
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_hppa.deb
Size/MD5 checksum: 260870 1348a3b191e52a84302ee6304654007f
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_m68k.deb
Size/MD5 checksum: 215282 02fc3e118af479c039dde99cf400dac7
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mips.deb
Size/MD5 checksum: 277570 a538cc763893262f56dbcc247d63f75f
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mipsel.deb
Size/MD5 checksum: 275324 ca3d4e2831592b7a0a9b302845895699
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_powerpc.deb
Size/MD5 checksum: 267460 6c14f9505b9a70a26b251086fb0a4283
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_s390.deb
Size/MD5 checksum: 241432 f427b9ce0febfe66370b773c84e30a2e
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_sparc.deb
Size/MD5 checksum: 302096 50f45c32dc171f547ade2d0439e3ebe0
These files will probably be moved into the stable distribution
on its next revision.
Debian Security Advisory DSA 399-1 | security@debian.org |
http://www.debian.org/security/ | Martin Schulze |
November 10th, 2003 | http://www.debian.org/security/faq |
Package | : | epic4 |
Vulnerability | : | buffer overflow |
Problem-Type | : | remote |
Debian-specific | : | no |
CVE Id | : | CAN-2003-0328 |
Jeremy Nelson discovered a remotely exploitable buffer overflow
in EPIC4, a popular client for Internet Relay Chat (IRC). A
malicious server could craft a reply which triggers the client to
allocate a negative amount of memory. This could lead to a denial
of service if the client only crashes, but may also lead to
executing of arbitrary code under the user id of the chatting
user.
For the stable distribution (woody) this problem has been fixed
in version 1.1.2.20020219-2.2.
For the unstable distribution (sid) this problem has been fixed
in version 1.1.11.20030409-2.
We recommend that you upgrade your epic4 package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.dsc
Size/MD5 checksum: 632 3bfdb704855cba1347f0d817a14ac811
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.diff.gz
Size/MD5 checksum: 13465 bc712024ef53fc4f1e50e1d0a8430720
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219.orig.tar.gz
Size/MD5 checksum: 647989 2f5d39e7cc17fd83e455cbc442f45dd0
Alpha architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_alpha.deb
Size/MD5 checksum: 451484 235857ceb58e9bd9e609e4e7afac8a07
ARM architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_arm.deb
Size/MD5 checksum: 374938 8c227e918cc44976951b235d2da29355
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_i386.deb
Size/MD5 checksum: 357100 9ef2ed5afc44e11b0c3d60c53e19991e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_ia64.deb
Size/MD5 checksum: 541986 4d6c24d75acdcf326633afe0188f200d
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_hppa.deb
Size/MD5 checksum: 423238 17447b982271b8c233a004491f76f372
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_m68k.deb
Size/MD5 checksum: 337644 cdbc15cd7dea8abd7a407e93dded2a26
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mips.deb
Size/MD5 checksum: 388442 53b524501e1671bd8912cf1607a50f74
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mipsel.deb
Size/MD5 checksum: 389438 e8fa4bcebaab3ec6b6039d500535a1a3
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_powerpc.deb
Size/MD5 checksum: 384452 80bcac652557ddf726cf81b649a7c4f6
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_s390.deb
Size/MD5 checksum: 370862 beb0dcb0d0fc71d6182cd12133bc58e8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_sparc.deb
Size/MD5 checksum: 372884 c6db693e131441d8b6ff0147bf99625a
These files will probably be moved into the stable distribution
on its next revision.
Debian Security Advisory DSA 400-1 | security@debian.org |
http://www.debian.org/security/ | Martin Schulze |
November 11th, 2003 | http://www.debian.org/security/faq |
Package | : | omega-rpg |
Vulnerability | : | buffer overlow |
Problem-Type | : | local |
Debian-specific | : | no |
CVE Id | : | CAN-2003-0932 |
Steve Kemp discovered a buffer overflow in the commandline and
environment variable handling of omega-rpg, a text-based
rogue-style game of dungeon exploration, which could lead a local
attacker to gain unauthorised access to the group games.
For the stable distribution (woody) this problem has been fixed
in version 0.90-pa9-7woody1.
For the unstable distribution (sid) this problem has been fixed
in version 0.90-pa9-11.
We recommend that you upgrade your omega-rpg package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.dsc
Size/MD5 checksum: 616 ec09d79e6db8d2a26b2419118c82b6d9
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.diff.gz
Size/MD5 checksum: 9264 9a1c91a88685a9a3ebbd3d303d9af458
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9.orig.tar.gz
Size/MD5 checksum: 425670 decf9c9c5e217a243d87c5693069016f
Alpha architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_alpha.deb
Size/MD5 checksum: 433086 e0b2fab139c48fd165856261346509ea
ARM architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_arm.deb
Size/MD5 checksum: 329224 8821937e31ffdeb13ca7707be44f2ee2
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_i386.deb
Size/MD5 checksum: 313176 5f6e8d376c2dcf9eec749a6589410090
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_ia64.deb
Size/MD5 checksum: 499828 aa1d2895cf9bf64ee15e4632286f819c
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_hppa.deb
Size/MD5 checksum: 367390 bf3008b562d94d34af03cbcecc90e99f
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_m68k.deb
Size/MD5 checksum: 295016 70d31cc87a332a44155ef356ad8e41b5
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mips.deb
Size/MD5 checksum: 373454 39d6c1c8570fe8aae62a9c7e1c970c6a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mipsel.deb
Size/MD5 checksum: 372138 c21602808847f8edf799d7ee4e562899
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_powerpc.deb
Size/MD5 checksum: 355306 3b6e082c0568bc3e090b017d1366bf97
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_s390.deb
Size/MD5 checksum: 330438 90c057f921d7861f3a511b684d22a630
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_sparc.deb
Size/MD5 checksum: 347386 40762ef4e8f790f1260c7c84bfd24809
These files will probably be moved into the stable distribution
on its next revision.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>