lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030611232447.GB5271@alcor.net>
From: debian-security-announce at lists.debian.org (debian-security-announce@...ts.debian.org)
Subject: [SECURITY] [DSA-313-1] New ethereal packages fix buffer overflows, integer overflows

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 313-1                     security@...ian.org
http://www.debian.org/security/                             Matt Zimmerman
June 11th, 2003                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : buffer overflows, integer overflows
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0356 CAN-2003-0357

Timo Sirainen discovered several vulnerabilities in ethereal, a
network traffic analyzer.  These include one-byte buffer overflows in
the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,
SMPP, and TSP dissectors, and integer overflows in the Mount and PPP
dissectors.

For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody4.

The old stable distribution (potato) does not appear to contain these
vulnerabilities.

For the unstable distribution (sid) these problems are fixed in version
0.9.12-1.

We recommend that you update your ethereal package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc
      Size/MD5 checksum:      679 a6456b3e20f44a3f53256bf722c010cd
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz
      Size/MD5 checksum:    31800 160670a883256ee0d40066424ffc527a
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
      Size/MD5 checksum:  3278908 42e999daa659820ee93aaaa39ea1e9ea

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:  1939098 67c1fd2e2851976aef3db87a2d128484
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:   333810 c239ee7f87136dd0d7750996a702b387
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:   221594 9b6bad1bd7d23ec7c54c40ec336e5edd
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:  1706008 5ac67ca2d0530676c41563dae337a0e4

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:  1633108 73c97178ef157e709fcc36753a1ea85c
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:   296662 0a9bec8514d203e90c712b12ef19de25
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:   205452 9641c7fa333a0ce2f33bf38a78640351
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:  1437636 4286845b2a848f4d293c1be807d62446

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:  1511802 4e554f6ef3da40ac3215099141e7c10b
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:   285948 df25b50bfa385f84b091227df926bc0f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:   197860 6eb91acb63bd5e3938cdb186b507dd38
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:  1324426 96887c970d1725be47988c498708762f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:  2148676 f39ffacba60f1f2a132750d76cb972b7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:   372650 866ee108f08e625d3981362726d9799a
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:   233180 e125fa9dc0e59d7d14d43505ffe05368
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:  1858536 904fce57cb39662e9560f0143d326bb8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:  1802046 d5114f9632deea43ba5f99ff79a67db3
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:   321802 33656ff4dbd495d3c8f1dc9ed6c798ff
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:   216336 34bbb2832844a7bb83fcff37cae852c0
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:  1574474 da9563f1c19e93d7f68caf369540af35

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:  1422378 43efc6d431fc6d8c7587e18bd24fe8f2
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:   282076 2d3fc00fe2260fb85062c0d8697f5a31
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:   194600 ffe9f83876b5a9ac1c4527057e76f2a5
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:  1246858 b9e8b7a88e11032e86697ca1570322f4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:  1615618 6075fa7c13fa8ca8f3dc7258be8352d7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:   304780 9f9632fc4b81f7091a3d06821188f8d1
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:   213104 f006c9731d11e3a04dbeca5c3590a15f
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:  1420708 45f88bb1c3af5021ecc06cce889cc752

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:  1596150 3448b7e38f8cb465b10e24aff4cf0194
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:   304294 eb86e3592b8d655e6365e3633784eed1
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:   212736 27602ffe5022eaa068cb72d2df940d13
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:  1404954 3e5de4a79c1b139c3b2f0ae179469be7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:  1616730 f14611ce9d14d7dd4bdb68f944ff9d1b
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:   301440 2c0628a56ff3695877daf9f31dffc1ee
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:   208310 fce4f437ba8aaf2e258eaf322de1d070
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:  1417094 0d39172de87a53c1f048113606acaa01

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:  1573090 d6aa9760cfcf8e50085fbad1ac1c519a
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:   300270 17aee5bcac8c012541f30dc6fb594563
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:   203304 c6a7ea1eacb1d13748eaeeb54357b203
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:  1385758 d529f4ca3dd4c9275947beb24b462057

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:  1580628 d29f917e447c05e878dc0d5133a6253e
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:   317574 64bff1a09c7120f16d1ace0857b285d7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:   204094 1af2856d9cb07f3fb680a6891217b4b7
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:  1387272 1b9ce45f55bdbf9ce990a058b0318c12


- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+57olArxCt0PiXR4RApciAKCKYCIHXaMeXen3Aer2edrpxJHJXACgvDTr
o50U1eMRBRl7Nfw87WrAKIM=
=SAEp
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ