Hosting Provided By

[SECURITY] [DSA 1322-1] New wireshark packages fix denial of service

From: Moritz Muehlenhoff <jmm(at)debian.org>
Date: Wed Jun 27 2007 - 16:57:25 EDT

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

-------------------------------------------------------------------------- Debian Security Advisory DSA 1322-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff June 27th, 2007 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3390 CVE-2007-3392 CVE-2007-3393

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3390 Off-by-one overflows were discovered in the iSeries dissector.

CVE-2007-3392 The MMS and SSL dissectors could be forced into an infinite loop.

CVE-2007-3393 An off-by-one overflow was discovered in the DHCP/BOOTP dissector.

The oldstable distribution (sarge) is not affected by these problems. (In Sarge Wireshark used to be called Ethereal).

For the stable distribution (etch) these problems have been fixed in version 0.99.4-5.etch.0. Packages for the big endian MIPS architecture are not yet available. They will be provided later.

For the unstable distribution (sid) these problems have been fixed in version 0.99.6pre1-1.

Do you need help?

We recommend that you upgrade your Wireshark packages.

Upgrade Instructions

- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

- -------------------------------

Do you need more help?

Source archives:

    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.dsc
      Size/MD5 checksum:     1066 18ea1bc407fe203089596126d9429c64
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.diff.gz
      Size/MD5 checksum:    40945 82b8a22a1cc100e5649f278cabbcce4f
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
      Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b

Alpha architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:    21714 5515a1d74b23c4ed53dafe1b15709263
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:    21998 5d86aaf5e6ee3c8988ebaa9d07a2b05c
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:    21728 b58962a1f2f4797df61c9b465cb3e35c
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:    21722 5b4ee85d1b6f0b14f46604449af500dc
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:   117204 48df4ca3664055b38c4bfa5c8196dc5a
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:   674230 0ca5f13b6e7180c0b399a1ca1a3f9a7a
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:  9319268 fcf022b011151abcf1d7665c7b9a98a4
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_alpha.deb
      Size/MD5 checksum:   181530 d4a0de99d59ecd1a3e818416d31a2d32

AMD64 architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:    22304 0cb411bd110cb7be99f0b426e52b68da
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:    22658 f8f1820a2ef75ad8d693be9a235a16bf
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:    22320 f59c3f8f5fd407e89852b9fca9c46796
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:    22316 bb9fc8d3d87f2806cefb9b80e4586c1c
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:   111908 df3804d4217ae00add067fc51945c364
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:   618876 de929e23361608de180194014ba3dfb3
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:  9119392 d1b55c76cf166fdf7eb4879f86c44172
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_amd64.deb
      Size/MD5 checksum:   182432 1de618e6d9329d8dccdcffeb05fe53f3

ARM architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:    22316 0e5352966a09a5fa041022147f2a9b53
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:    22668 613c622873d343159cc9c0984aa325f3
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:    22332 9b73d9aaeaeb891ce7d659740c6ae9d7
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:    22320 c637dd98c27c170e187ef87ecb6dc7c5
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:   107000 e69e002af997a089144715e0e501f33a
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:   599904 5e8585ed879881538e4ea44f578ea9c6
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:  7736294 5f11a040dc06078a0843b78aa993580e
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_arm.deb
      Size/MD5 checksum:   182500 242a2963cc896d774292242258c18786

HP Precision architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:    22316 4f295cee393b825ae73a60eb694da772
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:    22672 0d397721bcf28c7268e2d4736473e490
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:    22330 ee837e7dccc49230e2db2dfc1fa09d97
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:    22328 b274f47d80d637a96c3892939423ced7
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:   109664 1e8ffc76ca080b304b94c597e7ea7bed
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:   634466 f03c0ab3d06e70169200462a058f9bc4
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:  9855478 a381ffdb98d20bbfc4bdde48023ee99b
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_hppa.deb
      Size/MD5 checksum:   182472 fcd914e3796cfedc18200b0cc889fd31

Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:    22314 99055a9aaf39d425e31ccd68804dae8e
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:    22682 5979a9752e877a8755867454757c1fcd
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:    22330 9f49b78cf81fa447e8b9beff925beb51
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:    22324 204947893bde8c2b5a79855c29a622bb
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:   102014 73e0509bd61b62f01d3552f36c1f34f4
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:   564422 7294e7aa0e1b8fa193c94b6e79d3bd97
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:  7498442 72ccda66968a36b061102ce51b3de138
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_i386.deb
      Size/MD5 checksum:   182474 0d334a446ed7fb818efa775d26ea7b39

Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:    22314 c6a94673d1a9fdb2058f2daabb6ef74b
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:    22662 bd42d329fd534a90aa54ee7f69327646
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:    22326 44b05e0ceabca57fe28e86b7692d24d6
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:    22318 3499e35ee07bf4812200749f500c403c
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:   145566 3bd2be31de663e9b009c5fa456844f94
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:   827382 c03f38661ebe484c62e9c2c2be73b910
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum: 10650962 f7f0419f04679af064f4499e004526ea
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_ia64.deb
      Size/MD5 checksum:   182436 c2d9705c6fb693a54b87ece73bedb730

Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:    22312 2408dcdd9fbb4247321471500eca117c
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:    22668 da5af60038f53276c1a1db16361cdd90
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:    22328 7f0133c635a0b1f9f27cd38f53886445
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:    22320 f8d9469841c5fe001d26d01b94166dd9
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:   104368 b4866ccb13e11b65af2f795a05b69a94
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:   575806 74371e429bb4e941c3117c11d2da3447
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:  7405410 07748417c1a71e18fd4f416bd7c59949
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_mipsel.deb
      Size/MD5 checksum:   182460 468cd9061f8415eb77ac8947e9a11ca2

Don't know where to look next?

PowerPC architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:    22314 2045188f907677de2fcf14ae2688435d
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:    22662 cf6f844071ad33de443fc6365fe1232c
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:    22330 f39cfe62377ca76a88e87a69553abc55
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:    22326 a37b3dd57eb2e9e74eb61c6a144b6e5a
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:   104076 a9a6c65321f5740f63760317e7dadb4b
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:   583414 49a94fd6d485a61c58b6be46fe613c33
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:  8605194 8d297916d238772c0b79ce7ff0c1e38c
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_powerpc.deb
      Size/MD5 checksum:   182450 a20f14c6bb227540f1828fd02f827340

IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:    22312 d4d41828d56d2a6563ed17e896ca09ca
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:    22660 0fe8af1049b85b980b2436bed0530b00
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:    22324 ff3f6acde579e5b41e30bdb0285b5d7f
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:    22318 b750e5398b7195c1936e04790afb233e
Confused? Frustrated? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:   115442 f77851ff30c8ee15ac0711642715a70e
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:   640876 1a61a997e7338c473ed24248d64596e9
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:  9756014 524ed85c3e592bb96b890e04a7ae4b63
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_s390.deb
      Size/MD5 checksum:   182438 e94c63acdd50a519300aa0b35de1f481

Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:    22316 6e87e6e8e1afd25d8ed63480e3033bde
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:    22664 67f359dea9e6c98a4f9bb7be82292874
    
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:    22328 d1221db97ad15efb41ff45bf1541da62
    
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:    22322 8be8a6b89da015be0c5983d885573a71
    
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:   103428 35e0fb499721e38b521db591e46a251d
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:   586294 212e525a5cef93f8e9fb02fb1992910f
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:  8686272 217f299ef88a1c4dbc27634f571cf032
    
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_sparc.deb
      Size/MD5 checksum:   182458 ffe8b09adaa92725920e1ff544a40010

These files will probably be moved into the stable distribution on its next update.

--------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGgs8EXm3vHE4uyloRApZjAKDaGIfMYefyLCWoqIHS0E1cNqZJoACfS/rN RmCeGMejkL18JcqVfzx3UkE=
=fKNB
-----END PGP SIGNATURE-----
Received on Thu Jun 28 11:12:58 2007

This message: [ Message body ]
Next message: securityresearch(at)netvigilance.com: "eTicket version 1.5.5 Path Disclosure Vulnerability"
Previous message: Goodfellas SRT: "[GOODFELLAS - VULN] hpqxml.dll 2.0.0.133 from HP Digital Imaging Arbitary Data Write."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Jun 28 2007 - 11:20:06 EDT