Debian: New freeciv packages fix arbitrary code execution

- --------------------------------------------------------------------------Debian Security Advisory DSA 1142-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 4th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : freeciv
Vulnerability  : missing bouncary checks
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3913
BugTraq ID     : 19117
Debian Bug     : 381378

Luigi Auriemma discovered missing boundary checks in freeciv, a clone
of the well known Civilisation game, which can be exploited by remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.1-1sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your freeciv package.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------  Source archives:

          Size/MD5 checksum:      997 18498d24b54250ab8af555d1d37a58f8
          Size/MD5 checksum:    45177 f4ec2a9e5c535f8575f82da1acb31786
          Size/MD5 checksum: 11086541 2deea98d258138325f590ec52d530a96

  Architecture independent components:

          Size/MD5 checksum:  3843642 7549950e9a2603c30dea3996d90a501b
          Size/MD5 checksum:    11486 2eb9487aa46c184425c2ee753aeea408
          Size/MD5 checksum:    11488 b76ae39e8da49198ea7b4f22fc4d4d61
          Size/MD5 checksum:    11476 313b69df56d17e4b4ce355828a4931bc

  Alpha architecture:

          Size/MD5 checksum:   590380 3a46c7102fb7720c6b22c9260bd6e0e0
          Size/MD5 checksum:   514700 a61852b93a19a6081529c52592a2c01d
          Size/MD5 checksum:   591250 6489e88abf589ae4c551197f00ed2a76

  AMD64 architecture:

          Size/MD5 checksum:   476452 88e8b7db6194537fa688d17942bcdae2
          Size/MD5 checksum:   409102 c0f9a3698267f94f2549844c039cb28e
          Size/MD5 checksum:   465952 17f7e28d44dd3e92419fd3c7b421581c

  ARM architecture:

          Size/MD5 checksum:   423188 b18cb6fa46ab087b9f40192262864d6a
          Size/MD5 checksum:   361720 38d5539132b1353c9936a8712ff02a52
          Size/MD5 checksum:   419792 7c93feca1fe53d90b021322c7682d111

  Intel IA-32 architecture:

          Size/MD5 checksum:   440948 3702e9ac054ba9ec5a92447622bc01ac
          Size/MD5 checksum:   366832 7a3ec68f830307fb2cba056fa32e370b
          Size/MD5 checksum:   430298 981b279b36cabff252e6a91d22573bb4

  Intel IA-64 architecture:

          Size/MD5 checksum:   659204 c74609605998269044046cbf22542a15
          Size/MD5 checksum:   582314 0dc7ef5486694446014b99950c1dca4e
          Size/MD5 checksum:   684488 ff9b193af4be8186cb15e6baba922b59

  HP Precision architecture:

          Size/MD5 checksum:   497434 9f26b32389fa0202d95e8deae0af5684
          Size/MD5 checksum:   430048 5bb2ab51d5df4d835c153dedd37d141e
          Size/MD5 checksum:   491856 bea4c5a866f2c438a02ff0e31cfaf4ae

  Motorola 680x0 architecture:

          Size/MD5 checksum:   373434 c09262a7902569f53880ea08f33a8676
          Size/MD5 checksum:   306794 8889d4409be406bbbd12fec876f9b363
          Size/MD5 checksum:   355074 c2cb934868408d9e65abf96d8545f943

  Big endian MIPS architecture:

          Size/MD5 checksum:   454590 bea2a98c3167d1edf978dce16d21201d
          Size/MD5 checksum:   425812 57f82500284148e5339f9c356b801bb2
          Size/MD5 checksum:   479602 4adeaeeda8106e690a5ff98139f756a6

  Little endian MIPS architecture:

          Size/MD5 checksum:   453720 6c3b76369a22f49b72e7c137391cc6ac
          Size/MD5 checksum:   424618 c5ddd9950387d3df225781e161c26e6d
          Size/MD5 checksum:   481472 9a016d4dbaa24ff2de7413450da9e4cc

  PowerPC architecture:

          Size/MD5 checksum:   456204 50e3f85bdda583cf075555a833c06ad6
          Size/MD5 checksum:   393738 7bb561e2df36d0435f392168a100d64d
          Size/MD5 checksum:   460074 8a5c403853f1a953249430b8a09e40ed

  IBM S/390 architecture:

          Size/MD5 checksum:   460912 de810a4e95df7e151c14fee404a8450c
          Size/MD5 checksum:   395748 ee388ca83a3ff6e97e13e605983eea8b
          Size/MD5 checksum:   448188 3e104b06fe2de82396bb7e0148a10e78

  Sun Sparc architecture:

          Size/MD5 checksum:   423448 332e72e600c0dd5b8c2278b239654a6f
          Size/MD5 checksum:   360112 2ea0092164c79b2eb235fa26ee93dadd
          Size/MD5 checksum:   421234 1f0355398a7737cb6b04a07978417415


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Debian: New freeciv packages fix arbitrary code execution

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
