---

Home Security

Debian GNU/Linux Advisories: noweb, typespeed

By
Debian Security Advisory DSA 323-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
June 16th, 2003 http://www.debian.org/security/faq
Package : noweb
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific : no
CVE Id : CAN-2003-0381

Jakob Lell discovered a bug in the ‘noroff’ script included in
noweb whereby a temporary file was created insecurely. During a
review, several other instances of this problem were found and
fixed. Any of these bugs could be exploited by a local user to
overwrite arbitrary files owned by the user invoking the
script.

For the stable distribution (woody) these problems have been
fixed in version 2.9a-7.3.

For old stable distribution (potato) this problem has been fixed
in version 2.9a-5.1.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you update your noweb package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

Source archives:


http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-5.1.dsc

Size/MD5 checksum: 597 137a3145bc50159f0b9abd217d9f2f62

http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-5.1.diff.gz

Size/MD5 checksum: 69048 a77cc9e502d6e891c6aa74df7b0c9fe5

http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a.orig.tar.gz

Size/MD5 checksum: 687372 1096b16aaa281a97e269eb5d80236296

Alpha architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-5.1_alpha.deb

Size/MD5 checksum: 1327308 10b065044f506c8c548bb6e2c76c5fec

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-5.1_i386.deb

Size/MD5 checksum: 976072 ffa9f84860085bfda89791c79867d3fd

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-7.2.dsc

Size/MD5 checksum: 607 ac68c7e4f9057d9b5a38238c28f7d266

http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-7.2.diff.gz

Size/MD5 checksum: 41136 122211b0a7590e7cdc21aaa9a890d082

http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a.orig.tar.gz

Size/MD5 checksum: 687372 1096b16aaa281a97e269eb5d80236296

Alpha architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_alpha.deb

Size/MD5 checksum: 1339532 6f3f10aa4a5056d003c91b3f4564871c

ARM architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_arm.deb

Size/MD5 checksum: 1061418 6ca2d4bd8026333006c2566f918f12ca

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_i386.deb

Size/MD5 checksum: 966664 b4a1b216e98e3dda4bd62eb37618f1ca

HP Precision architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_hppa.deb

Size/MD5 checksum: 1257458 4d13eb89c7cf9ba72ab0a30e4d5cb7ab

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_m68k.deb

Size/MD5 checksum: 920562 110bd24b5abaa99d2633121b8b103825

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_mips.deb

Size/MD5 checksum: 1145274 7dbf6bdbe25c08f94984fbf9b5e2979f

These files will probably be moved into the stable distribution
on its next revision.

Debian Security Advisory DSA 322-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
June 16th, 2003 http://www.debian.org/security/faq
Package : typespeed
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific : no
CVE Id : CAN-2003-0435

typespeed is a game which challenges the player to type words
correctly and quickly. It contains a network play mode which allows
players on different systems to play competitively. The network
code contains a buffer overflow which could allow a remote attacker
to execute arbitrary code under the privileges of the user invoking
typespeed, in addition to gid games.

For the stable distribution (woody) this problem has been fixed
in version 0.4.1-2.2.

For the old stable distribution (potato) this problem has been
fixed in version 0.4.0-5.2.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you update your typespeed package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

Source archives:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.dsc

Size/MD5 checksum: 575 767dd2e18754d28aa6358088e28c4093

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.diff.gz

Size/MD5 checksum: 6972 0c9ccfdb4de0d590c2564dc7234890c3

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz

Size/MD5 checksum: 33037 587b3ca15b32142d24bd452881c64dd1

Alpha architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_alpha.deb

Size/MD5 checksum: 40806 9e3294ddcf9a1cd50ab22f68bc70398f

ARM architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_arm.deb

Size/MD5 checksum: 34768 9f2e9f3a5816625f285a77a6af4d7cba

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_i386.deb

Size/MD5 checksum: 34342 11e219001c13f46d83692e5af4c2297e

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_m68k.deb

Size/MD5 checksum: 33564 cd348d47dac0b37a9d0a5b7a44f2d694

PowerPC architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_powerpc.deb

Size/MD5 checksum: 37066 c1b7f3e5609290a609093b7ac7484cdf

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_sparc.deb

Size/MD5 checksum: 39186 e62aa0e652a33f178b2605036e48fd94

Debian GNU/Linux 3.0 alias woody

Source archives:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.dsc

Size/MD5 checksum: 575 024a4d1ab64016f9eba9e4044650648d

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.diff.gz

Size/MD5 checksum: 8355 6dfd0374cbf59287711d6a906db6d9ff

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz

Size/MD5 checksum: 35492 0af9809cd20bd9010732ced930090f32

Alpha architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_alpha.deb

Size/MD5 checksum: 44396 0369a05fe541e5a971fa2c3a51241fce

ARM architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_arm.deb

Size/MD5 checksum: 39072 646893ab59053e1f917ff07bcfd0959b

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_i386.deb

Size/MD5 checksum: 38778 fed120a0eb74f05b64aa3605b893f1aa

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_ia64.deb

Size/MD5 checksum: 50038 7ab9b9c6c4dd8137dd081166d6e665cf

HP Precision architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_hppa.deb

Size/MD5 checksum: 41976 798a5e04cd5f0fb389f0b6f5588104c0

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_m68k.deb

Size/MD5 checksum: 37472 1629b0912b07469909daa6ed168799f6

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mips.deb

Size/MD5 checksum: 41132 f92ab74c13116dd5e72cd8c8472b8291

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mipsel.deb

Size/MD5 checksum: 41152 c2232aba2146b647d98ac86ef12110ea

PowerPC architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_powerpc.deb

Size/MD5 checksum: 41324 2937d98be2af68983b8f529f38e6f832

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_s390.deb

Size/MD5 checksum: 38932 a070a445396df2f7a615a16500f49e65

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_sparc.deb

Size/MD5 checksum: 43040 5292c53c201b105265b1a9addb031d7f

These files will probably be moved into the stable distribution
on its next revision.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]

Package info: ‘apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.