| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1AdRDR-000pt9C__5323.93366233936$1073327484@finlandia.Infodrom.North.DE>
Date: Mon, 5 Jan 2004 10:40:05 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 407-1] New ethereal packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 407-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
January 5th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ethereal
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE IDs : CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013
Several vulnerabilities were discovered upstream in ethereal, a
network traffic analyzer. The Common Vulnerabilities and Exposures
project identifies the following problems:
CAN-2003-0925
A buffer overflow allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a malformed GTP
MSISDN string.
CAN-2003-0926
Via certain malformed ISAKMP or MEGACO packets remote attackers are
able to cause a denial of service (crash).
CAN-2003-0927
A heap-based buffer overflow allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
the SOCKS dissector.
CAN-2003-1012
The SMB dissector allows remote attackers to cause a denial of
service via a malformed SMB packet that triggers a segmentation
fault during processing of selected packets.
CAN-2003-1013
The Q.931 dissector allows remote attackers to cause a denial of
service (crash) via a malformed Q.931, which triggers a null
dereference.
For the stable distribution (woody) this problem has been fixed in
version 0.9.4-1woody6.
For the unstable distribution (sid) this problem has been fixed in
version 0.10.0-1.
We recommend that you upgrade your ethereal and tethereal packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.dsc
Size/MD5 checksum: 679 6c3d2beab693578b827bc0c2ecc13eb2
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.diff.gz
Size/MD5 checksum: 37597 7456c1b4708a869295bb71480300370d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea
Alpha architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_alpha.deb
Size/MD5 checksum: 1940256 e8a45a24a24a145f2870d65b26fdda20
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_alpha.deb
Size/MD5 checksum: 334238 0035322af1972fa6c1547e881b5b27fa
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_alpha.deb
Size/MD5 checksum: 222006 da4e9538a37ac5dd740010b828afed8b
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_alpha.deb
Size/MD5 checksum: 1706878 3c2e6c03f6383f3ae8d599a01853c344
ARM architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_arm.deb
Size/MD5 checksum: 1634664 f5f5d2aeba5fa26ac8d6b722f4d52b39
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_arm.deb
Size/MD5 checksum: 297294 267317a8d6f43f009673f3e9864e0308
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_arm.deb
Size/MD5 checksum: 205964 fe0528d0ee4b0922d1a449f9c12c0b81
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_arm.deb
Size/MD5 checksum: 1439166 390f1e6d9173454162195c47a10c6a0e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_i386.deb
Size/MD5 checksum: 1512408 b9efde468cca1ddd6b731a3b343bd51d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_i386.deb
Size/MD5 checksum: 286370 c618774e3718d11d94347b0d66f72af4
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_i386.deb
Size/MD5 checksum: 198298 a7c01d2560880e783e899cd623a27e7a
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_i386.deb
Size/MD5 checksum: 1325838 a7706f7f82b44a30d4a99b299c58b4ca
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_ia64.deb
Size/MD5 checksum: 2150174 e2aba915304534ac4fbb060a2552d9c6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_ia64.deb
Size/MD5 checksum: 373042 f06169aeefd918e4e5b809393edb8dc2
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_ia64.deb
Size/MD5 checksum: 233630 e7f788d020319a8147beb4172cdc736f
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_ia64.deb
Size/MD5 checksum: 1860802 6c8ef685b4e61f34a0146eb6fc666fdb
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_hppa.deb
Size/MD5 checksum: 1803668 213d7f4221de714ee5c4ef938d0bae54
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_hppa.deb
Size/MD5 checksum: 322334 b6ebeeb39d2d57c0ed664f65389e55a2
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_hppa.deb
Size/MD5 checksum: 216804 fd2e27b35aedd419a12db17bee96c596
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_hppa.deb
Size/MD5 checksum: 1575270 f3ed65cc62fb1155e8e38a25320d0614
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_m68k.deb
Size/MD5 checksum: 1424112 69cccce7cf5ead38369e6d508031d821
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_m68k.deb
Size/MD5 checksum: 282604 e5c3264948cd2cad0c159893173f0748
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_m68k.deb
Size/MD5 checksum: 195028 647f483dbf79dc47a95d48d105d6a7c4
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_m68k.deb
Size/MD5 checksum: 1248072 8085433927ed54f1c1c8196d7c835709
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mips.deb
Size/MD5 checksum: 1616398 9a41bb228b9b33894825d6cfd2bba741
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mips.deb
Size/MD5 checksum: 305168 b4a94497386ab45e0494c7980def8e3e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mips.deb
Size/MD5 checksum: 213590 20a3ad3d4b5126890aa23179c1730f1a
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mips.deb
Size/MD5 checksum: 1421550 ad0decba7ea5907e6a3149cacbc178f8
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mipsel.deb
Size/MD5 checksum: 1596866 0321997c79a03298c65548bb5687e87d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mipsel.deb
Size/MD5 checksum: 304676 9a3fad3fe8394ae63f79d09580b41b39
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mipsel.deb
Size/MD5 checksum: 213222 28bfeefdf54278545c2c132fe381dc12
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mipsel.deb
Size/MD5 checksum: 1405698 182282caefb7aaf8025559894d7b9801
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_powerpc.deb
Size/MD5 checksum: 1617784 38000a653b7da7552904e66b8c736ecc
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_powerpc.deb
Size/MD5 checksum: 301846 70dede9038a6098642119765c87f6f80
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_powerpc.deb
Size/MD5 checksum: 208786 d69f6942493800fd491e90605d0be931
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_powerpc.deb
Size/MD5 checksum: 1418638 9394c10dff060a961329382c7a3433ad
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_s390.deb
Size/MD5 checksum: 1574214 a21cbd59b1d36e14da777da012768f21
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_s390.deb
Size/MD5 checksum: 300674 49a6af1c59fe07065267ebc5deecc8b8
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_s390.deb
Size/MD5 checksum: 203854 077f9492da7509958c890e598edadf14
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_s390.deb
Size/MD5 checksum: 1386518 d99962a50a8fafc9c509a67adb3399be
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_sparc.deb
Size/MD5 checksum: 1582634 d0a792b3c2428ac28476799e888cef98
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_sparc.deb
Size/MD5 checksum: 317982 936008ca75fecdec66519475f8466525
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_sparc.deb
Size/MD5 checksum: 204626 2633099c059446cff5d41703718fb7bf
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_sparc.deb
Size/MD5 checksum: 1388944 ede08f8bc62f1a5141a0bb2ed2ceea1d
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/+TD0W5ql+IAeqTIRAqbDAJ94AyY1dCtH0gsTSd+lPuuNsgsYnACdGQXl
ukugrDm00ja/05LtjROk2ys=
=4uYr
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists