Debian Security Advisory

DSA-390-1 marbles -- buffer overflow

Date Reported: 26 Sep 2003
Affected Packages: marbles
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CAN-2003-0830.

More information:

Steve Kemp discovered a buffer overflow in marbles, when processing the HOME environment variable. This vulnerability could be exploited by a local user to gain gid 'games'.

For the current stable distribution (woody) this problem has been fixed in version 1.0.2-1woody1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you update your marbles package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1.dsc
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1.diff.gz
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2.orig.tar.gz
Alpha:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_alpha.deb
ARM:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_arm.deb
Intel IA-32:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_i386.deb
Intel IA-64:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_ia64.deb
HPPA:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_hppa.deb
Motorola 680x0:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_m68k.deb
Big endian MIPS:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_mips.deb
Little endian MIPS:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_mipsel.deb
PowerPC:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_powerpc.deb
IBM S/390:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_s390.deb
Sun Sparc:
  http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Last Modified: Sat, Sep 27 01:35:41 UTC 2003
Copyright © 2003 SPI; See license terms
Debian is a registered trademark of Software in the Public Interest, Inc.