Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [SECURITY] [DSA 1386-1] New wesnoth packages fix denia

from [Martin Schulze] Network Security [Permanent Link]
Subject: [Full-disclosure] [SECURITY] [DSA 1386-1] New wesnoth packages fix denial of service
Date: Mon, 15 Oct 2007 08:46:24 +0200 (CEST) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1386-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 15th, 2007                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : wesnoth
Vulnerability  : progrmaming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3917

A problem has been discovered in the processing of chat messages.
Overly long messages are truncated by the server to a fixed length,
without paying attention to the multibyte characters.  This leads to
invalid UTF-8 on clients and causes an uncaught exception.  Note that
both wesnoth and the wesnoth server are affected.

For the old stable distribution (sarge) this problem has been fixed in
version 0.9.0-6 and in version 1.2.7-1~bpo31+1 of sarge-backports.

For the stable distribution (etch) this problem has been fixed in
version 1.2-2 and in version 1.2.7-1~bpo40+1 of etch-backports.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.7-1.

Packages for the oldstable mips architecture will be added to the
archive later.

We recommend that you upgrade your wesnoth packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.dsc
      Size/MD5 checksum:      850 86291ea2c7a18b90f85eb39b53f7ca70
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.diff.gz
      Size/MD5 checksum:    35409 ece9ff9a4cf64ed981a53021194dc204
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
      Size/MD5 checksum: 36051074 8dd59719631e0e6329a0a25e1dcbf302

  Architecture independent components:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-6_all.deb
      Size/MD5 checksum: 14752878 ebb6d4c489fb2d407bd86420e27c8dd5
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-6_all.deb
      Size/MD5 checksum:   681962 0b79cab0648b8724af0009c31c8cf7ad
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-6_all.deb
      Size/MD5 checksum:  4373962 d7b166b55e9acd60c01ad236499b98ff
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-6_all.deb
      Size/MD5 checksum:  9936830 7ebc2d096866786625189ea20ea66c46
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-6_all.deb
      Size/MD5 checksum:  1844794 dbf5d86593828a3e6519b442fd0ffd57
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-6_all.deb
      Size/MD5 checksum:    66000 b59719ef1470afa2048a9211cf7fc136
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-6_all.deb
      Size/MD5 checksum:  1717942 7b91a835e816b3b56030f200ecde0b96

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_alpha.deb
      Size/MD5 checksum:  1901144 b8cff98e1a1bdbd5bab93c0e9a414116
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_alpha.deb
      Size/MD5 checksum:  1518366 2b96bd84f4b327f54a6630218070a916
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_alpha.deb
      Size/MD5 checksum:   229474 065684977aebda989fa5bc47acf06a22

  AMD64 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_amd64.deb
      Size/MD5 checksum:  1521520 bc72757fa955b6abdbab1fdd0471a503
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_amd64.deb
      Size/MD5 checksum:  1209900 2f9b55c89ea8b102ce347c1169c154f7
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_amd64.deb
      Size/MD5 checksum:   197616 fc19ba05943d2e5dca1386c39b70075a

  ARM architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_arm.deb
      Size/MD5 checksum:  2608368 17708b565e206b6e636f71be9a137ee4
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_arm.deb
      Size/MD5 checksum:  2031758 a9381b3845b6a305716781cf9e3adf8f
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_arm.deb
      Size/MD5 checksum:   261258 473b78f19604915bcfc647afb02f5f71

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_hppa.deb
      Size/MD5 checksum:  2158256 1baa5680aae24322cae58fc95f35607b
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_hppa.deb
      Size/MD5 checksum:  1711028 e6cda58fe480eb8ddf651c8fc8c1bef0
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_hppa.deb
      Size/MD5 checksum:   247362 3860037bd76d66c9f1b6f9f9c4ea1402

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_i386.deb
      Size/MD5 checksum:  1564748 fb1abacd6f67f44ff26328ce7518f023
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_i386.deb
      Size/MD5 checksum:  1236824 f9708b0fb024c7ecebe2228ce6407031
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_i386.deb
      Size/MD5 checksum:   199806 571df40f963bb6063a21b3384bbc0f01

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_ia64.deb
      Size/MD5 checksum:  2179346 c7561122c10032825635fb45ec33d9d1
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_ia64.deb
      Size/MD5 checksum:  1751082 6e614c2c4aebfc3f27c9ec3f4206d7cf
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_ia64.deb
      Size/MD5 checksum:   260296 2b48beb77863780e89b6eec625669ab8

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_m68k.deb
      Size/MD5 checksum:  1752714 41f99a69afd924bce90274aadf783cd5
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_m68k.deb
      Size/MD5 checksum:  1381188 e7c3c0bc8946ca83a42f89480a5f0463
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_m68k.deb
      Size/MD5 checksum:   206340 71a4e60951fd27f8460d55329551d260

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_mipsel.deb
      Size/MD5 checksum:  1600034 864b17d2bafbcb149865ed73d2884339
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_mipsel.deb
      Size/MD5 checksum:  1297804 73d554e43189ac6ba73b5fa0da0b28ca
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_mipsel.deb
      Size/MD5 checksum:   218490 ec7a24163c7f7a1256d707212eabf98b

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_powerpc.deb
      Size/MD5 checksum:  1572426 e4e0080b2c5315f4fd7bcb4b74623d3c
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_powerpc.deb
      Size/MD5 checksum:  1257238 78b4f7b1b9a59999d90aa15ecc5facc5
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_powerpc.deb
      Size/MD5 checksum:   205200 4eafd50a6367df679f6c5cb72183043a

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_s390.deb
      Size/MD5 checksum:  1290316 25eb64f921ed5249285d45b459e5796c
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_s390.deb
      Size/MD5 checksum:  1034626 5801d36272262bf2e9329f40ba9bf04c
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_s390.deb
      Size/MD5 checksum:   189230 bd78146c81a6463fce3a1b38eec33109

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_sparc.deb
      Size/MD5 checksum:  1527554 2affc47e6aa371a8c6827ff80eb8b9db
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_sparc.deb
      Size/MD5 checksum:  1211058 6892a9ed170ad6e7198f9c1868475cc3
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_sparc.deb
      Size/MD5 checksum:   191834 36d475617567547e8b6ed0e1f25da41f


Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.dsc
      Size/MD5 checksum:      850 86291ea2c7a18b90f85eb39b53f7ca70
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.diff.gz
      Size/MD5 checksum:    35409 ece9ff9a4cf64ed981a53021194dc204
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
      Size/MD5 checksum: 36051074 8dd59719631e0e6329a0a25e1dcbf302

  Architecture independent components:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-6_all.deb
      Size/MD5 checksum: 14752878 ebb6d4c489fb2d407bd86420e27c8dd5
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-6_all.deb
      Size/MD5 checksum:   681962 0b79cab0648b8724af0009c31c8cf7ad
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-6_all.deb
      Size/MD5 checksum:  4373962 d7b166b55e9acd60c01ad236499b98ff
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-6_all.deb
      Size/MD5 checksum:  9936830 7ebc2d096866786625189ea20ea66c46
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-6_all.deb
      Size/MD5 checksum:  1844794 dbf5d86593828a3e6519b442fd0ffd57
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-6_all.deb
      Size/MD5 checksum:    66000 b59719ef1470afa2048a9211cf7fc136
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-6_all.deb
      Size/MD5 checksum:  1717942 7b91a835e816b3b56030f200ecde0b96

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_alpha.deb
      Size/MD5 checksum:  1901144 b8cff98e1a1bdbd5bab93c0e9a414116
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_alpha.deb
      Size/MD5 checksum:  1518366 2b96bd84f4b327f54a6630218070a916
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_alpha.deb
      Size/MD5 checksum:   229474 065684977aebda989fa5bc47acf06a22

  AMD64 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_amd64.deb
      Size/MD5 checksum:  1521520 bc72757fa955b6abdbab1fdd0471a503
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_amd64.deb
      Size/MD5 checksum:  1209900 2f9b55c89ea8b102ce347c1169c154f7
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_amd64.deb
      Size/MD5 checksum:   197616 fc19ba05943d2e5dca1386c39b70075a

  ARM architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_arm.deb
      Size/MD5 checksum:  2608368 17708b565e206b6e636f71be9a137ee4
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_arm.deb
      Size/MD5 checksum:  2031758 a9381b3845b6a305716781cf9e3adf8f
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_arm.deb
      Size/MD5 checksum:   261258 473b78f19604915bcfc647afb02f5f71

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_hppa.deb
      Size/MD5 checksum:  2158256 1baa5680aae24322cae58fc95f35607b
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_hppa.deb
      Size/MD5 checksum:  1711028 e6cda58fe480eb8ddf651c8fc8c1bef0
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_hppa.deb
      Size/MD5 checksum:   247362 3860037bd76d66c9f1b6f9f9c4ea1402

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_i386.deb
      Size/MD5 checksum:  1564748 fb1abacd6f67f44ff26328ce7518f023
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_i386.deb
      Size/MD5 checksum:  1236824 f9708b0fb024c7ecebe2228ce6407031
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_i386.deb
      Size/MD5 checksum:   199806 571df40f963bb6063a21b3384bbc0f01

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_ia64.deb
      Size/MD5 checksum:  2179346 c7561122c10032825635fb45ec33d9d1
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_ia64.deb
      Size/MD5 checksum:  1751082 6e614c2c4aebfc3f27c9ec3f4206d7cf
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_ia64.deb
      Size/MD5 checksum:   260296 2b48beb77863780e89b6eec625669ab8

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_m68k.deb
      Size/MD5 checksum:  1752714 41f99a69afd924bce90274aadf783cd5
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_m68k.deb
      Size/MD5 checksum:  1381188 e7c3c0bc8946ca83a42f89480a5f0463
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_m68k.deb
      Size/MD5 checksum:   206340 71a4e60951fd27f8460d55329551d260

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_mipsel.deb
      Size/MD5 checksum:  1600034 864b17d2bafbcb149865ed73d2884339
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_mipsel.deb
      Size/MD5 checksum:  1297804 73d554e43189ac6ba73b5fa0da0b28ca
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_mipsel.deb
      Size/MD5 checksum:   218490 ec7a24163c7f7a1256d707212eabf98b

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_powerpc.deb
      Size/MD5 checksum:  1572426 e4e0080b2c5315f4fd7bcb4b74623d3c
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_powerpc.deb
      Size/MD5 checksum:  1257238 78b4f7b1b9a59999d90aa15ecc5facc5
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_powerpc.deb
      Size/MD5 checksum:   205200 4eafd50a6367df679f6c5cb72183043a

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_s390.deb
      Size/MD5 checksum:  1290316 25eb64f921ed5249285d45b459e5796c
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_s390.deb
      Size/MD5 checksum:  1034626 5801d36272262bf2e9329f40ba9bf04c
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_s390.deb
      Size/MD5 checksum:   189230 bd78146c81a6463fce3a1b38eec33109

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_sparc.deb
      Size/MD5 checksum:  1527554 2affc47e6aa371a8c6827ff80eb8b9db
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_sparc.deb
      Size/MD5 checksum:  1211058 6892a9ed170ad6e7198f9c1868475cc3
    
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_sparc.deb
      Size/MD5 checksum:   191834 36d475617567547e8b6ed0e1f25da41f


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHEwzAW5ql+IAeqTIRAmZHAKCrqtmIIDisG++tHfWxdtTZ5OMJYgCdFUje
99skTjGfbZ1f66FrchpXpFQ=
=vEzv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [SECURITY] [DSA 1386-1] New wesnoth packages fix denial of service, Martin Schulze <=
Previous by Date:  Re: [Full-disclosure] full-disclosure@hushmail.com, Peter Besenbruch
Next by Date:  [Full-disclosure] [SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service, Martin Schulze
Previous by Thread:  [Full-disclosure] Is this an attack?, Kelly Robinson
Next by Thread:  [Full-disclosure] [SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service, Martin Schulze
Indexes:  [Date] [Thread] [Top] [All Lists]