-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

       ESB-2007.0794 -- [Win][UNIX/Linux][Debian]
                New wesnoth packages fix denial of service
                              16 October 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              wesnoth versions prior to 1.2.7
Publisher:            Debian
Operating System:     Debian GNU/Linux
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-3917

Original Bulletin:    http://www.debian.org/security/2007/dsa-1386

Comment: This advisory references vulnerabilities in products which run
         on platforms other than Debian. It is recommended that
         administrators running Wesnoth check for an updated version of
         the software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1386-2                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 15th, 2007                      http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : wesnoth
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3917

A problem has been discovered in the processing of chat messages.
Overly long messages are truncated by the server to a fixed length,
without paying attention to the multibyte characters. This leads to
invalid UTF-8 on clients and causes an uncaught exception. Note that
both wesnoth and the wesnoth server are affected.

Note: This advisory only updates the MD5 sums for the stable distribution.

For the old stable distribution (sarge) this problem has been fixed in
version 0.9.0-6 and in version 1.2.7-1~bpo31+1 of sarge-backports.

For the stable distribution (etch) this problem has been fixed in
version 1.2-2 and in version 1.2.7-1~bpo40+1 of etch-backports.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.7-1.

Packages for the oldstable mips architecture will be added to the
archive later.

We recommend that you upgrade your wesnoth packages.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHExKRW5ql+IAeqTIRAuNzAJ0bFBfSVmOTjcTgj07h4RdQdGOLGwCgunXW
h4hEP7czTrl98R4cSMaLh+A=
=NNsD
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRxP/Pih9+71yA2DNAQIkRQP/bMvn0+QwS88fy22gmSuwRMtMIgQySZBZ
WycURMN4SfquBYvqfs2W9MkLtYq11LQtbp4pdSR6dnVTShSsv/Ve/honzbF5XHfx
iJ/+ylhFsWakF7AFiAoWUQPOxdk709woe/HdGLxtULY2TL7RYkcsAKk5ppyIR1QE
O/1ln2roAzM=
=EzVi
-----END PGP SIGNATURE-----
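
The truncation problem described in the Debian advisory above (CVE-2007-3917), as an added C++ example that is not Wesnoth's or Debian's code: it contrasts a fixed byte-count cut with a cut that respects UTF-8 character boundaries, plus a receiver-side check that treats malformed text as an ordinary input error. All function names and the sample message are constructed for illustration.

```cpp
// Added illustration (not Wesnoth or Debian code); all names are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>

typedef unsigned char octet;

// Sequence length announced by a lead byte, or 0 if it cannot start a sequence.
static std::size_t utf8_seq_len(octet b) {
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;  // continuation byte, overlong lead (C0/C1) or out of range (F5+)
}

// Strict validity check: complete sequences, no overlongs, no surrogates.
bool is_valid_utf8(const std::string& s) {
    for (std::size_t i = 0; i < s.size();) {
        const octet b0 = static_cast<octet>(s[i]);
        const std::size_t n = utf8_seq_len(b0);
        if (n == 0 || i + n > s.size()) return false;  // bad lead or cut-off tail
        for (std::size_t k = 1; k < n; ++k)
            if ((static_cast<octet>(s[i + k]) & 0xC0) != 0x80) return false;
        const octet b1 = n > 1 ? static_cast<octet>(s[i + 1]) : 0;
        if ((b0 == 0xE0 && b1 < 0xA0) || (b0 == 0xED && b1 > 0x9F) ||
            (b0 == 0xF0 && b1 < 0x90) || (b0 == 0xF4 && b1 > 0x8F)) return false;
        i += n;
    }
    return true;
}

// The pattern the advisory describes: cut at a fixed byte count.
std::string truncate_bytes(const std::string& msg, std::size_t max_bytes) {
    return msg.substr(0, max_bytes);
}

// Boundary-aware cut: never keep the first bytes of a character without the rest.
std::string truncate_utf8(const std::string& msg, std::size_t max_bytes) {
    if (msg.size() <= max_bytes) return msg;
    std::size_t cut = max_bytes;
    // msg[cut] is the first dropped byte; if it is a continuation byte, back up.
    while (cut > 0 && (static_cast<octet>(msg[cut]) & 0xC0) == 0x80) --cut;
    return msg.substr(0, cut);
}

// Receiving side: malformed text is an expected input error, not an exception.
bool accept_chat(const std::string& raw, std::size_t max_bytes, std::string& out) {
    if (!is_valid_utf8(raw)) return false;
    out = truncate_utf8(raw, max_bytes);
    return true;
}

int main() {
    // Constructed sample: "abc", U+20AC (three bytes), "def".
    const std::string msg = "abc\xE2\x82\xAC" "def";
    std::cout << is_valid_utf8(truncate_bytes(msg, 4)) << ' '
              << is_valid_utf8(truncate_utf8(msg, 4)) << '\n';
    return 0;
}
```

The byte-count cut leaves a dangling lead byte after four bytes of the sample, while the boundary-aware cut drops the whole character and the result stays valid.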