lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100701194245.GA3079@galadriel.inutil.org>
Date: Thu, 1 Jul 2010 21:42:45 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 2066-1] New wireshark packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2066-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
July 01, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-2283 CVE-2010-2284 CVE-2010-2285 CVE-2010-2286 CVE-2010-2287

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer. It was discovered that null pointer
dereferences, buffer overflows and infinite loops in the SMB, SMB
PIPE, ASN1.1 and SigComp dissectors could lead to denial of service
or the execution of arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1.0.2-3+lenny9.

For the upcoming stable distribution (squeeze) and the unstable 
distribution (sid), these problems have been fixed in version 
1.2.9-1.

We recommend that you upgrade your wireshark packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9.diff.gz
    Size/MD5 checksum:   117318 c57282dba42788631eb9b2aafcb795b9
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
    Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9.dsc
    Size/MD5 checksum:     1502 0e98ce69fc13ab36557c65c07b4b75ba

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_alpha.deb
    Size/MD5 checksum:   569930 cfa45c83e5c9c44920e7aefc02953806
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_alpha.deb
    Size/MD5 checksum:   731110 e311e7e59bc6e610e8168036a5690de0
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_alpha.deb
    Size/MD5 checksum: 12097910 56e87a8f98c6226ad760fed96a49da02
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_alpha.deb
    Size/MD5 checksum:   126986 eac9483ae6b2788128ed22939aaa2065

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_amd64.deb
    Size/MD5 checksum:   659816 6fac5122d24f4941f15a9ad73498b639
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_amd64.deb
    Size/MD5 checksum:   582426 0a20dce55ed1f2d1ebd7ce85c56c9cec
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_amd64.deb
    Size/MD5 checksum: 11866064 9056a2c4b1de908c83a2eee224bb4c5a
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_amd64.deb
    Size/MD5 checksum:   118542 b91639fd75d0f01f0b635d2906466fa7

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_arm.deb
    Size/MD5 checksum: 10214918 247e1109f87d9eef35014125b5c0d684
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_arm.deb
    Size/MD5 checksum:   111240 509b7ad83c455e51502e421671190f08
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_arm.deb
    Size/MD5 checksum:   614378 e61a1effec42a968416f55eb39184d34
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_arm.deb
    Size/MD5 checksum:   584478 a8f8d82419846731c5a9143a0e42df74

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_armel.deb
    Size/MD5 checksum:   620384 e61474b8f78057891851e809470416c1
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_armel.deb
    Size/MD5 checksum:   583854 0bb327530c4e5ec401a5074d03c19108
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_armel.deb
    Size/MD5 checksum: 10219204 474007b931f7f7c8a516bde4ad166b39
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_armel.deb
    Size/MD5 checksum:   113084 2bbf09b9deaa7be1e04390cdad71e8dc

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_hppa.deb
    Size/MD5 checksum:   584110 b2a9a17505cf8e53d3a94ff3a483995c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_hppa.deb
    Size/MD5 checksum:   694798 e9d0705311d2a1797c10f1035a05f116
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_hppa.deb
    Size/MD5 checksum:   121114 c30b842eb86c1af2440714dc86a383a5
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_hppa.deb
    Size/MD5 checksum: 13272482 2dfafdb7cf34a776fd6ec90adcd8a3a8

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_i386.deb
    Size/MD5 checksum: 10113068 09efb0fca5f46ba65beee175b934ba13
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_i386.deb
    Size/MD5 checksum:   111900 c46f23005c23bdcb7ca95bd8f4d57efd
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_i386.deb
    Size/MD5 checksum:   569932 e2201aaa7f040869e4ac6878781ad4dc
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_i386.deb
    Size/MD5 checksum:   619470 dbba8e61a068df42a854b765189fee43

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_ia64.deb
    Size/MD5 checksum: 13687486 606d272c4f0abbb1e9f983595d8b9c81
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_ia64.deb
    Size/MD5 checksum:   569910 4e3071a28cfbcd5cbe1a3be145cb66ec
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_ia64.deb
    Size/MD5 checksum:   930118 859a8f3701e985ebfbeb2dfbfb15c348
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_ia64.deb
    Size/MD5 checksum:   154074 284194d7a3ffeaa3b64c55eecddad25d

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_mips.deb
    Size/MD5 checksum:   637126 c9fd33097e71f8538744cfe81796dc37
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_mips.deb
    Size/MD5 checksum:   584124 235c303d91ced163d2bdb4783ed1c1b0
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_mips.deb
    Size/MD5 checksum:   113080 5d83644584a5dd00cf7c9f1d6f2c5bd7
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_mips.deb
    Size/MD5 checksum: 10423592 e5bedaac3c39ba6ab485f6cdafe2430f

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_mipsel.deb
    Size/MD5 checksum:   627100 a53c5133cec97a7020884c6fe5c1f30e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_mipsel.deb
    Size/MD5 checksum:  9729878 e0c65c8bc125f0613e6d68125813d5bb
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_mipsel.deb
    Size/MD5 checksum:   569970 d4d5c23b486bd3699d01ea8fa2f95e99
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_mipsel.deb
    Size/MD5 checksum:   113396 23b6778041b23721b0819bf9042b70bb

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_powerpc.deb
    Size/MD5 checksum:   584576 b31cb071b70d16de97ad4e9211cc9442
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_powerpc.deb
    Size/MD5 checksum:   677432 6ecabe572aa78465c7bf298be6d534d4
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_powerpc.deb
    Size/MD5 checksum:   123124 523f75e5f1cb8685bbc0475a939a9b0c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_powerpc.deb
    Size/MD5 checksum: 11228652 99688c83a5951441f09c4f8b0a6f3c20

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_s390.deb
    Size/MD5 checksum:   122294 2a42d6fedac978f4ddaebf5a1ec35b92
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_s390.deb
    Size/MD5 checksum:   671216 f04ef7a93b80c097edf2c55b11843521
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_s390.deb
    Size/MD5 checksum:   584780 73c011dc1581e92c2a4a12a8d8b4b70c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_s390.deb
    Size/MD5 checksum: 12487580 0ba627e0d6df4bdc3422618a6450c2d1

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_sparc.deb
    Size/MD5 checksum:   113460 d1b06ded2ea44e26d44ab7424bb1f174
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_sparc.deb
    Size/MD5 checksum:   583604 3a4187d54fb747638bdfbeeffb9d2418
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_sparc.deb
    Size/MD5 checksum: 11286898 4fcc47f9836da934431dce9840a50278
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_sparc.deb
    Size/MD5 checksum:   629518 6f3df69e45a48f5845a360f2b709d150


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkws738ACgkQXm3vHE4uylou3QCgkq8p/C/dMhnHnsKCU0K9CifE
F5QAni8PTHaMwhRhR3ZWtski1mCa7Wq3
=9nnZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ