[Original text] crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow.
A local overflow exists in Linley's Dungeon Crawl. The game fails to validate the length of certain environment variables, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary commands to run as group games, resulting in a loss of confidentiality, integrity, and/or availability.
If using Debian Linux, upgrade to version 4.0.0beta23-2woody1 (stable), 4.0.0beta26-4 (unstable) or higher, which has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): remove the suid and sgid bits or delete the game from the system.
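The kind of size check the description says was missing, as an added C example that is not Crawl's own code or the Debian patch: an environment variable is copied into a fixed buffer only when it fits, and is rejected rather than truncated otherwise. The variable name `EXAMPLE_PLAYER_NAME` and the 32-byte buffer are assumptions, since the page names neither.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum copy_status { COPY_OK = 0, COPY_UNSET = -1, COPY_TOO_LONG = -2 };

/* Copy src into dst only if it fits, terminator included.
 * On any failure dst is left as an empty string: never overrun and
 * never silently truncated. */
static enum copy_status copy_checked(const char *src, char *dst, size_t dstsize)
{
    if (dst == NULL || dstsize == 0)
        return COPY_TOO_LONG;          /* no room even for the terminator */
    dst[0] = '\0';
    if (src == NULL)
        return COPY_UNSET;             /* getenv() returns NULL when unset */
    size_t len = strlen(src);
    if (len >= dstsize)                /* the size check: len + 1 must fit */
        return COPY_TOO_LONG;
    memcpy(dst, src, len + 1);         /* copies the terminating NUL too */
    return COPY_OK;
}

/* Environment values are attacker-controlled input for a setuid/setgid
 * program, so they go through the same bounded copy. */
static enum copy_status copy_env_checked(const char *name, char *dst, size_t dstsize)
{
    return copy_checked(getenv(name), dst, dstsize);
}

int main(void)
{
    char name[32];                     /* assumed buffer size */

    /* EXAMPLE_PLAYER_NAME is a made-up variable name for this example. */
    switch (copy_env_checked("EXAMPLE_PLAYER_NAME", name, sizeof name)) {
    case COPY_OK:
        printf("using name '%s'\n", name);
        break;
    case COPY_UNSET:
        puts("variable unset, using default");
        break;
    case COPY_TOO_LONG:
        fputs("variable too long, refusing to start\n", stderr);
        return 1;
    }
    return 0;
}
```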