From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1737-1
[email protected] http://www.debian.org/security/ Steffen Joeris
March 11, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wesnoth
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE Ids : CVE-2009-0366 CVE-2009-0367
Several security issues have been discovered in wesnoth, a fantasy
turn-based strategy game. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-0366
Daniel Franke discovered that the wesnoth server is prone to a denial of service attack when receiving special crafted compressed data.
CVE-2009-0367
Daniel Franke discovered that the sandbox implementation for the python
AIs can be used to execute arbitrary python code on wesnoth clients. In
order to prevent this issue, the python support has been disabled. A compatibility patch was included, so that the affected campagne is still working properly.
For the stable distribution (lenny), these problems have been fixed in
version 1.4.4-2+lenny1.
For the oldstable distribution (etch), these problems have been fixed
in version 1.2-5.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.4.7-4.
We recommend that you upgrade your wesnoth packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5.dsc
Size/MD5 checksum: 908 13b2424eea086adcad02b938684cc12a
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2.orig.tar.gz
Size/MD5 checksum: 74823113 722a459282abe6d04dbe228d031c088e
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5.diff.gz
Size/MD5 checksum: 37822 ba8821ce92bfd56e036e49ea6e2531a0
Architecture independent packages:
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_1.2-5_all.deb
Size/MD5 checksum: 24525466 591ef75a9100039197c0f1c9158a9e2c
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_1.2-5_all.deb
Size/MD5 checksum: 25575278 648efb6dac567763a6fcf5a92f4c6d24
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tsg_1.2-5_all.deb
Size/MD5 checksum: 1453160 0223f87ade242a0b96e76b0dd770fe27
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_1.2-5_all.deb
Size/MD5 checksum: 4095912 ea0e14709dfd5541b434e44f02e5a945
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ttb_1.2-5_all.deb
Size/MD5 checksum: 344160 ced00a2ced60e7132d0ce25687d9e9d3
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_1.2-5_all.deb
Size/MD5 checksum: 1016982 f3c6dfed6b98f3d74f3c9acfcd69a5a8
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-utbs_1.2-5_all.deb
Size/MD5 checksum: 4827956 8d7dc2407649d09594cf14c3b95535df
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_1.2-5_all.deb
Size/MD5 checksum: 4853808 46b6cf5a221fe2e0d5c188347f3453db
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_alpha.deb
Size/MD5 checksum: 346526 56c5e0724c81f37eb9bbfd6172535803
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_alpha.deb
Size/MD5 checksum: 2254222 c66cd5c8593b3bfddccb93d1678f13c2
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_alpha.deb
Size/MD5 checksum: 1771958 0c71e3b4eb856cb184be051ae7488c07
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_amd64.deb
Size/MD5 checksum: 313816 0022303edc4c3d99c59aac3414584136
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_amd64.deb
Size/MD5 checksum: 1956750 c815f8494db4091db1a13c9f5a82f10e
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_amd64.deb
Size/MD5 checksum: 1535928 42fcb96edf4c9dc8dd31f53e424bc998
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_arm.deb
Size/MD5 checksum: 345862 8fc03a9a800d814cf054401326155b43
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_arm.deb
Size/MD5 checksum: 2342256 b70222fbf3ae9de65ff6370cf5192d00
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_arm.deb
Size/MD5 checksum: 1844082 f2ed2017b9885ab5bdb0df1377fcd875
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_hppa.deb
Size/MD5 checksum: 346016 3133ac98595bc88fe58952a7e56a5ffc
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_hppa.deb
Size/MD5 checksum: 2201310 3fffed12d8600b6a3f400579c2eb3c92
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_hppa.deb
Size/MD5 checksum: 1734068 2b25c4077809c0b67d38eff9792f1b0d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_i386.deb
Size/MD5 checksum: 1988260 d8c1dace179c86cf5f0a437443e3434a
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_i386.deb
Size/MD5 checksum: 1553660 4d69f813bfa2f55c6a4bb6d5b004c5b1
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_i386.deb
Size/MD5 checksum: 316530 af623a5c82c4c9c52dd3db4fa4a8e2cb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_ia64.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)