Nethack Local Buffer Overflow Vulnerability

Nethack Local Buffer Overflow Vulnerability

Solution:
Gentoo Linux have recommended that users who are running nethack upgrade to nethack-3.4.0-r6 as follows:

emerge sync
emerge -u nethack
emerge clean

Debian has released an advisory (DSA 316-1) that addresses this issue. Please see the attached Debian advisory for details on applying and obtaining fixes.

Debian has released an advisory (DSA 316-2) containing updated slashem packages. Please see the attached Debian advisory for details on applying and obtaining fixes.

Debian has released an advisory (DSA 350-1) containing updated falconseye packages. Please see the attached Debian advisory for details on applying and obtaining fixes.

Fixes available:

Slashem Slashem 0.0.5 E7

Debian slashem_0.0.5E7-3potato1_alpha.deb
Alpha
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7 -3potato1_alpha.deb

Debian slashem_0.0.5E7-3potato1_arm.deb
ARM
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7 -3potato1_arm.deb

Debian slashem_0.0.5E7-3potato1_i386.deb
IA-32
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7 -3potato1_i386.deb

Debian slashem_0.0.5E7-3potato1_m68k.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7 -3potato1_m68k.deb

Debian slashem_0.0.5E7-3potato1_powerpc.deb
PowerPC
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7 -3potato1_powerpc.deb

Debian slashem_0.0.5E7-3potato1_sparc.deb
Sun Sparc
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.5E7 -3potato1_sparc.deb

Slashem Slashem 0.0.6 E4F8

Debian slashem_0.0.6E4F8-4.0woody3_alpha.deb
Alpha
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_alpha.deb

Debian slashem_0.0.6E4F8-4.0woody3_arm.deb
ARM
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_arm.deb

Debian slashem_0.0.6E4F8-4.0woody3_hppa.deb
HP
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_hppa.deb

Debian slashem_0.0.6E4F8-4.0woody3_i386.deb
IA-32
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_i386.deb

Debian slashem_0.0.6E4F8-4.0woody3_ia64.deb
IA-64
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_ia64.deb

Debian slashem_0.0.6E4F8-4.0woody3_m68k.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_m68k.deb

Debian slashem_0.0.6E4F8-4.0woody3_mips.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_mips.deb

Debian slashem_0.0.6E4F8-4.0woody3_mipsel.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_mipsel.deb

Debian slashem_0.0.6E4F8-4.0woody3_powerpc.deb
PowerPC
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_powerpc.deb

Debian slashem_0.0.6E4F8-4.0woody3_s390.deb
IBM S/390
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_s390.deb

Debian slashem_0.0.6E4F8-4.0woody3_sparc.deb
Sun Sparc
http://security.debian.org/pool/updates/main/s/slashem/slashem_0.0.6E4 F8-4.0woody3_sparc.deb

falconseye falconseye 0.9.3

Debian falconseye-data_1.9.3-7woody3_all.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye-d ata_1.9.3-7woody3_all.deb

Debian falconseye_1.9.3-7woody3_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_alpha.deb

Debian falconseye_1.9.3-7woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_arm.deb

Debian falconseye_1.9.3-7woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_hppa.deb

Debian falconseye_1.9.3-7woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_i386.deb

Debian falconseye_1.9.3-7woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_ia64.deb

Debian falconseye_1.9.3-7woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_m68k.deb

Debian falconseye_1.9.3-7woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_mips.deb

Debian falconseye_1.9.3-7woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_mipsel.deb

Debian falconseye_1.9.3-7woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_powerpc.deb

Debian falconseye_1.9.3-7woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_s390.deb

Debian falconseye_1.9.3-7woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1 .9.3-7woody3_sparc.deb

jnethack jnethack 1.1.3

Debian jnethack_1.1.3-4potato1_alpha.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3 -4potato1_alpha.deb

Debian jnethack_1.1.3-4potato1_arm.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3 -4potato1_arm.deb

Debian jnethack_1.1.3-4potato1_i386.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3 -4potato1_i386.deb

Debian jnethack_1.1.3-4potato1_m68k.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3 -4potato1_m68k.deb

Debian jnethack_1.1.3-4potato1_powerpc.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3 -4potato1_powerpc.deb

Debian jnethack_1.1.3-4potato1_sparc.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.3 -4potato1_sparc.deb

jnethack jnethack 1.1.5

Debian jjnethack_1.1.5-11woody2_mipsel.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_mipsel.deb

Debian jnethack_1.1.5-11woody2_alpha.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_alpha.deb

Debian jnethack_1.1.5-11woody2_arm.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_arm.deb

Debian jnethack_1.1.5-11woody2_hppa.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_hppa.deb

Debian jnethack_1.1.5-11woody2_i386.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_i386.deb

Debian jnethack_1.1.5-11woody2_ia64.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_ia64.deb

Debian jnethack_1.1.5-11woody2_m68k.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_m68k.deb

Debian jnethack_1.1.5-11woody2_mips.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_mips.deb

Debian jnethack_1.1.5-11woody2_powerpc.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_powerpc.deb

Debian jnethack_1.1.5-11woody2_s390.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_s390.deb

Debian jnethack_1.1.5-11woody2_sparc.deb
http://security.debian.org/pool/updates/main/j/jnethack/jnethack_1.1.5 -11woody2_sparc.deb

Nethack Nethack 3.4 .0

Nethack secpatch.txt
http://nethack.sourceforge.net/v340/bugmore/secpatch.txt

Nethack Nethack 3.4.1 Download
http://nethack.sourceforge.net/v341/downloads.html

Peter Pentchev topten.c.patch
This is an unofficial patch.
http://people.freebsd.org/~roam/devel/nethack/topten.c.patch