nethack - buffer overflow, incorrect permissions

The nethack and slashem packages are vulnerable to a buffer overflow exploited via a
long ‘-s’ command line option. This vulnerability could be used by an
attacker to gain gid ‘games’ on a system where nethack is installed.

Additionally, some setgid binaries in the nethack package have
incorrect permissions, which could allow a user who gains gid ‘games’
to replace these binaries, potentially causing other users to execute
malicious code when they run nethack.

Note that slashem does not contain the file permission problem
CAN-2003-0359.

For the stable distribution (woody) these problems have been fixed in
version 3.4.0-3.0woody3.

For the old stable distribution (potato) these problems have been fixed in
version 3.3.0-7potato1.

For the unstable distribution (sid) these problems are fixed in
version 3.4.1-1.

We recommend that you update your nethack package.

For the stable distribution (woody) these problems have been fixed in
version 0.0.6E4F8-4.0woody3.

For the old stable distribution (potato) these problems have been fixed in
version 0.0.5E7-3potato1.

For the unstable distribution (sid) these problems are fixed in
version 0.0.6E4F8-6.

We recommend that you update your slashem package.