copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » UNIX (all) » Linux (all) » Debian GNU/L... » ESB-2006.0626 -- [UNIX/Linux][Debian] -- New gtetrin...
 

ESB-2006.0626 -- [UNIX/Linux][Debian] -- New gtetrinet packages fix arbitrary code execution
Date: 31 August 2006

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2006.0626 -- [UNIX/Linux][Debian]
            New gtetrinet packages fix arbitrary code execution
                              31 August 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              gtetrinet
Publisher:            Debian
Operating System:     Debian GNU/Linux 3.1
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-3125

Original Bulletin:    http://www.debian.org/security/2006/dsa-1163

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running gtetrinet check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1163-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 30th, 2006                       http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : gtetrinet
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3125

Michael Gehring discovered several potential out-of-bounds index
accesses in gtetrinet, a multiplayer Tetris-like game, which may allow
a remove server to execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.7.8-1sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your gtetrinet package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.dsc
      Size/MD5 checksum:     1458 f0e79e08b32da17b7fec81953058bfd6
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.diff.gz
      Size/MD5 checksum:     6536 8e5ec47971abaefe25c81eddbd08df03
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8.orig.tar.gz
      Size/MD5 checksum:   513790 bff5b52ead863ac2ac859880abbab2c4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb
      Size/MD5 checksum:   305500 ada4429dedbe5c2a6481e2a0a7c2b8aa

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb
      Size/MD5 checksum:   295034 657a0a323a479444ed04becdd494726d

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb
      Size/MD5 checksum:   289166 7fceb7b8fd84d2e4e4792222e1ea74bf

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb
      Size/MD5 checksum:   291430 8e395773c184dfdb379342fc3805e9ce

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb
      Size/MD5 checksum:   316198 76659d5ee5072dfb30c58d9967239936

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb
      Size/MD5 checksum:   297686 c55008b4d7d679311a41a331cd3fc437

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb
      Size/MD5 checksum:   284212 9b70187f40dac186929be12f38c900dc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb
      Size/MD5 checksum:   291736 9a30091ac2ab35a65bb4f0689dca0705

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb
      Size/MD5 checksum:   290484 1fc68ebb2e3ea41326500e6394c41a6e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb
      Size/MD5 checksum:   293458 8b005ce2049acc89205c9aa74dd3fc4f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb
      Size/MD5 checksum:   295194 2fc0597edcad6cc1af5d7b08c734ae08

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb
      Size/MD5 checksum:   289322 e944d44ed1aa2e9ae32d9d8571affd33


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9aDTW5ql+IAeqTIRAsueAKCY2HDPMsy7JRPI6QsBZBEJDDoD0QCfblE2
jQ1NIFLKDlHpIpdBCxxa3RE=
=WMbc
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRPYjrCh9+71yA2DNAQKvlQP+M3dLP79q9Zpu4d+PMLOmEnFoSh+73pQO
yacTaT/DnOpQaaY2m/Bh06E+dZApSrH95Mp5588RBt7DrKakqKUuABv3BX3ffHZY
ZXi3gzjAV5/xmHWCIhsLwL7gQRL8t99NOYVDmNZ6EjLmPuTY0PgRkgttqNxcUQAy
+D7WHvY7p4g=
=R6M4
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=55&it=6693