---

Debian GNU/Linux Advisories: conquest, epic4, omega-rpg


Debian Security Advisory DSA 398-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 10th, 2003 http://www.debian.org/security/faq

Package : conquest
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific : no
CVE Id : CAN-2003-0933

Steve Kemp discovered a buffer overflow in the environment
variable handling of conquest, a curses based, real-time,
multi-player space warfare game, which could lead a local attacker
to gain unauthorised access to the group conquest.

For the stable distribution (woody) this problem has been fixed
in version 7.1.1-6woody1.

For the unstable distribution (sid) this problem has been fixed
in version 7.2-5.

We recommend that you upgrade your conquest package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.dsc

Size/MD5 checksum: 606 89c7be20d34d9176d18eb51f28c7806e

http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.diff.gz

Size/MD5 checksum: 32749 27d90e0b6719579833cb064a2b70dcdb

http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1.orig.tar.gz

Size/MD5 checksum: 255029 c02891f6c0c4b8c73a82c1c8185e3025

Alpha architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_alpha.deb

Size/MD5 checksum: 366064 b6d212bd4a4880488195d47002e66981

ARM architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_arm.deb

Size/MD5 checksum: 227160 42399fea69c68ce63890e63b1b6c00ef

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_i386.deb

Size/MD5 checksum: 228846 f03fd6daf700e6f3bf8def68eff30d72

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_ia64.deb

Size/MD5 checksum: 402110 ffbff5ca106ee2d41b28aa15e61f74ce

HP Precision architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_hppa.deb

Size/MD5 checksum: 260870 1348a3b191e52a84302ee6304654007f

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_m68k.deb

Size/MD5 checksum: 215282 02fc3e118af479c039dde99cf400dac7

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mips.deb

Size/MD5 checksum: 277570 a538cc763893262f56dbcc247d63f75f

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mipsel.deb

Size/MD5 checksum: 275324 ca3d4e2831592b7a0a9b302845895699

PowerPC architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_powerpc.deb

Size/MD5 checksum: 267460 6c14f9505b9a70a26b251086fb0a4283

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_s390.deb

Size/MD5 checksum: 241432 f427b9ce0febfe66370b773c84e30a2e

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_sparc.deb

Size/MD5 checksum: 302096 50f45c32dc171f547ade2d0439e3ebe0

These files will probably be moved into the stable distribution
on its next revision.


Debian Security Advisory DSA 399-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 10th, 2003 http://www.debian.org/security/faq

Package : epic4
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific : no
CVE Id : CAN-2003-0328

Jeremy Nelson discovered a remotely exploitable buffer overflow
in EPIC4, a popular client for Internet Relay Chat (IRC). A
malicious server could craft a reply which triggers the client to
allocate a negative amount of memory. This could lead to a denial
of service if the client only crashes, but may also lead to
the execution of arbitrary code under the user id of the chatting
user.

For the stable distribution (woody) this problem has been fixed
in version 1.1.2.20020219-2.2.

For the unstable distribution (sid) this problem has been fixed
in version 1.1.11.20030409-2.

We recommend that you upgrade your epic4 package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.dsc

Size/MD5 checksum: 632 3bfdb704855cba1347f0d817a14ac811

http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.diff.gz

Size/MD5 checksum: 13465 bc712024ef53fc4f1e50e1d0a8430720

http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219.orig.tar.gz

Size/MD5 checksum: 647989 2f5d39e7cc17fd83e455cbc442f45dd0

Alpha architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_alpha.deb

Size/MD5 checksum: 451484 235857ceb58e9bd9e609e4e7afac8a07

ARM architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_arm.deb

Size/MD5 checksum: 374938 8c227e918cc44976951b235d2da29355

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_i386.deb

Size/MD5 checksum: 357100 9ef2ed5afc44e11b0c3d60c53e19991e

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_ia64.deb

Size/MD5 checksum: 541986 4d6c24d75acdcf326633afe0188f200d

HP Precision architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_hppa.deb

Size/MD5 checksum: 423238 17447b982271b8c233a004491f76f372

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_m68k.deb

Size/MD5 checksum: 337644 cdbc15cd7dea8abd7a407e93dded2a26

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mips.deb

Size/MD5 checksum: 388442 53b524501e1671bd8912cf1607a50f74

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mipsel.deb

Size/MD5 checksum: 389438 e8fa4bcebaab3ec6b6039d500535a1a3

PowerPC architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_powerpc.deb

Size/MD5 checksum: 384452 80bcac652557ddf726cf81b649a7c4f6

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_s390.deb

Size/MD5 checksum: 370862 beb0dcb0d0fc71d6182cd12133bc58e8

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_sparc.deb

Size/MD5 checksum: 372884 c6db693e131441d8b6ff0147bf99625a

These files will probably be moved into the stable distribution
on its next revision.


Debian Security Advisory DSA 400-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 11th, 2003 http://www.debian.org/security/faq

Package : omega-rpg
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific : no
CVE Id : CAN-2003-0932

Steve Kemp discovered a buffer overflow in the commandline and
environment variable handling of omega-rpg, a text-based
rogue-style game of dungeon exploration, which could lead a local
attacker to gain unauthorised access to the group games.

For the stable distribution (woody) this problem has been fixed
in version 0.90-pa9-7woody1.

For the unstable distribution (sid) this problem has been fixed
in version 0.90-pa9-11.

We recommend that you upgrade your omega-rpg package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.dsc

Size/MD5 checksum: 616 ec09d79e6db8d2a26b2419118c82b6d9

http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.diff.gz

Size/MD5 checksum: 9264 9a1c91a88685a9a3ebbd3d303d9af458

http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9.orig.tar.gz

Size/MD5 checksum: 425670 decf9c9c5e217a243d87c5693069016f

Alpha architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_alpha.deb

Size/MD5 checksum: 433086 e0b2fab139c48fd165856261346509ea

ARM architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_arm.deb

Size/MD5 checksum: 329224 8821937e31ffdeb13ca7707be44f2ee2

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_i386.deb

Size/MD5 checksum: 313176 5f6e8d376c2dcf9eec749a6589410090

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_ia64.deb

Size/MD5 checksum: 499828 aa1d2895cf9bf64ee15e4632286f819c

HP Precision architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_hppa.deb

Size/MD5 checksum: 367390 bf3008b562d94d34af03cbcecc90e99f

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_m68k.deb

Size/MD5 checksum: 295016 70d31cc87a332a44155ef356ad8e41b5

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mips.deb

Size/MD5 checksum: 373454 39d6c1c8570fe8aae62a9c7e1c970c6a

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mipsel.deb

Size/MD5 checksum: 372138 c21602808847f8edf799d7ee4e562899

PowerPC architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_powerpc.deb

Size/MD5 checksum: 355306 3b6e082c0568bc3e090b017d1366bf97

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_s390.deb

Size/MD5 checksum: 330438 90c057f921d7861f3a511b684d22a630

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_sparc.deb

Size/MD5 checksum: 347386 40762ef4e8f790f1260c7c84bfd24809

These files will probably be moved into the stable distribution
on its next revision.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
