Debian: New pinball packages fix privilege escalation
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 1102-1 security@debian.org http://www.debian.org/security/ Steve Kemp June 26th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : pinball Vulnerability : design error Problem type : local Debian-specific: no CVE ID : CVE-2006-2196 Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges. The old stable distribution (woody) does not contain this package. For the stable distribution (sarge) this problem has been fixed in version 0.3.1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.3.1-6. We recommend that you upgrade your pinball package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 811 17ac5604e5bb7e13b938d84012c6ea7c Size/MD5 checksum: 320626 5473ae87027018899b08f12c34ddd538 Size/MD5 checksum: 6082982 f28e8f49e0db8e9491e4d9f0c13c36c6 Architecture independent components: Size/MD5 checksum: 5542524 c586ed47103f89443cf32f57984ac95c Alpha architecture: Size/MD5 checksum: 189898 6168d325d265c72da1007aaa83c7b9bd Size/MD5 checksum: 325654 caeae82e416a40ad943ff38ce8c5eb98 AMD64 architecture: Size/MD5 checksum: 167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1 Size/MD5 checksum: 242432 36c44eed9de2d48089e7c396e270c98e ARM architecture: Size/MD5 checksum: 193056 52d5e3fb06e529326ae361f739915169 Size/MD5 checksum: 294198 4bc5b7e9d5b1cc0f0b90f91290cf0999 Intel IA-32 architecture: Size/MD5 checksum: 159576 b7fcaf42621d2c356de66c90ea19fab0 Size/MD5 checksum: 219780 7a4877a175b976ca20d25040e0fcab11 Intel IA-64 architecture: Size/MD5 checksum: 221146 717fb85a21f4bd4a535200a7420e16b9 Size/MD5 checksum: 315856 a9a8496a1d029a0d64afb00b0c5fd116 HP Precision architecture: Size/MD5 checksum: 191708 e97c652fb430dbaeb5d367f196ea1ba0 Size/MD5 checksum: 300260 606404a0da99b9884229bee10849413e Motorola 680x0 architecture: Size/MD5 checksum: 160442 1ff1dd9d285de6e7300f8e7eb027c766 Size/MD5 checksum: 223038 a7a4a5a997a05cf929b45529cd81942f Big endian MIPS architecture: Size/MD5 checksum: 166400 05f3ea274037ffb1a2b76fa5a802ff87 Size/MD5 checksum: 263344 ab1b99a12b3be3151f84e94a6073b27f Little endian MIPS architecture: Size/MD5 checksum: 165114 5275bf21b63a2a2c30148d7a7a3aface Size/MD5 checksum: 263394 f287e3ee0a11745580f175585112632b PowerPC architecture: Size/MD5 checksum: 170788 bb51f1dc4d1f9a5cd7b244111b61bb42 Size/MD5 checksum: 245192 d390d54045f7ac70bf63164ba672a4d0 IBM S/390 architecture: Size/MD5 checksum: 152218 873670da1cc02dbe495c7254d4c5e316 Size/MD5 checksum: 214592 074ea5085ed5c727b9e4fcf9ce0574c2 Sun Sparc architecture: Size/MD5 checksum: 159116 43ba78279f91e1da5268c71af524b3ab Size/MD5 checksum: 233376 ec2531c5979bc0e6df6ec5f34d4d7d48 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.