Debian Security Advisory
DSA-322-1 typespeed -- buffer overflow
- Date Reported:
- 16 Jun 2003
- Affected Packages:
- typespeed
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 7891.
In Mitre's CVE dictionary: CVE-2003-0435. - More information:
-
typespeed is a game which challenges the player to type words correctly and quickly. It contains a network play mode which allows players on different systems to play competitively. The network code contains a buffer overflow which could allow a remote attacker to execute arbitrary code under the privileges of the user invoking typespeed, in addition to gid games.
For the stable distribution (woody) this problem has been fixed in version 0.4.1-2.2.
For the old stable distribution (potato) this problem has been fixed in version 0.4.0-5.2.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your typespeed package.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.dsc
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.diff.gz
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.dsc
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.diff.gz
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.