[USN-7969-1] Dungeon Crawl Stone Soup vulnerability

noreply+usn-bot at canonical.com
Tue Jan 20 15:27:28 UTC 2026


==========================================================================
Ubuntu Security Notice USN-7969-1
January 19, 2026

crawl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Dungeon Crawl Stone Soup could be made to execute arbitrary code if it
opened a specially crafted file.

Software Description:
- crawl: a text-based roguelike game

Details:

David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly
handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker
could possibly use this issue to execute arbitrary code.
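
A defensive check for the issue described above, as an added example that is not part of this notice or of the crawl project: it scans stored rc files for the header of a precompiled Lua chunk (ESC followed by "Lua"), which a plain-text rc file has no reason to contain. The `*.crawlrc` file pattern, the function names and the sample inputs are assumptions made for illustration.

```python
"""Flag rc files that contain a precompiled Lua chunk header."""
import sys
from pathlib import Path

# Standard header of a precompiled Lua chunk: ESC followed by "Lua".
LUA_SIGNATURE = b"\x1bLua"


def find_lua_bytecode(data: bytes) -> list[dict]:
    """Return one record per signature hit: byte offset, line number, Lua version."""
    hits = []
    pos = data.find(LUA_SIGNATURE)
    while pos != -1:
        ver_at = pos + len(LUA_SIGNATURE)
        # The byte after the signature encodes the Lua version (0x51 = Lua 5.1).
        version = None
        if ver_at < len(data):
            version = f"{data[ver_at] >> 4}.{data[ver_at] & 0x0F}"
        line = data.count(b"\n", 0, pos) + 1
        hits.append({"offset": pos, "line": line, "lua_version": version})
        pos = data.find(LUA_SIGNATURE, pos + 1)
    return hits


def scan_tree(root: str, pattern: str = "*.crawlrc") -> dict[str, list[dict]]:
    """Scan files matching pattern (an assumed naming scheme) under root."""
    findings = {}
    for path in sorted(Path(root).rglob(pattern)):
        if path.is_file():
            hits = find_lua_bytecode(path.read_bytes())
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample inputs (not taken from any real upload).
RC_TEXT = b"# constructed sample\nautopickup = $?!\n"
CLEAN_RC = RC_TEXT + b"{\nfunction ready() end\n}\n"
SUSPECT_RC = RC_TEXT + LUA_SIGNATURE + b"\x51\x00\x01\x04\n"

if __name__ == "__main__":
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, hits in results.items():
        for h in hits:
            print(f"{name}: Lua bytecode header at offset {h['offset']} "
                  f"(line {h['line']}, Lua {h['lua_version']})")
    sys.exit(1 if results else 0)
```

The script exits non-zero when any file is flagged, so it can gate an upload directory sweep; a hit is a reason to quarantine and inspect the file, not proof of exploitation.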

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  crawl                           2:0.24.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-common                    2:0.24.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-tiles                     2:0.24.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-tiles-data                2:0.24.0-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  crawl                           2:0.21.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-common                    2:0.21.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-tiles                     2:0.21.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-tiles-data                2:0.21.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  crawl                           2:0.17.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-common                    2:0.17.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-tiles                     2:0.17.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  crawl-tiles-data                2:0.17.1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7969-1
  CVE-2020-11722