lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060728054107.GA5499@galadriel.inutil.org>
Date: Fri, 28 Jul 2006 07:41:07 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Cc: 
Subject: [SECURITY] [DSA 1127-1] New ethereal packages fix
	several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1127-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 28th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632
Debian Bug     : 373913 375694

Several remote vulnerabilities have been discovered in the Ethereal network
sniffer, which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3628

    Ilja van Sprundel discovered that the FW-1 and MQ dissectors are
    vulnerable to format string attacks.

CVE-2006-3629

    Ilja van Sprundel discovered that the MOUNT dissector is vulnerable
    to denial of service through memory exhaustion.

CVE-2006-3630

    Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and
    NDPS dissectors.

CVE-2006-3631

    Ilja van Sprundel discovered a buffer overflow in the NFS dissector.

CVE-2006-3632

    Ilja van Sprundel discovered that the SSH dissector is vulnerable
    to denial of service through an infinite loop.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge6.

For the unstable distribution (sid) these problems have been fixed in
version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.dsc
      Size/MD5 checksum:      855 c707f586104e8686d9d2244ce2d7a506
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.diff.gz
      Size/MD5 checksum:   173252 9c9821b8ebead45753446356c22cb578
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
      Size/MD5 checksum:  7411510 e6b74468412c17bb66cd459bfb61471c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum:   542792 15de1eb27365d6cae79d8d702e090f13
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum:  5475590 bef681e66102e67d36b7e6a42c2c2c3f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum:   154412 847bd247de53a90c7280043bedac7d93
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum:   106004 bee2da8a58d6e84c05b6a80537183694

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum:   486278 e6239c6efadea1399ad1fcab5a0da5f3
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum:  5333976 61bcb38c72686eeb7e8587179ab7594f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum:   154406 a13fdfd340be02a602f6fc576f166005
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum:    99298 7dd892a57430d66f7c97088b8c1eb187

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum:   472738 a10f7886e67d41949ec8488715276ca7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum:  4687198 d18c46329bf526579e7c1af409323610
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum:   154434 5c23b40f20e4079a6c58c697914b54ef
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum:    95276 a56fa4124bd4193ec75bdedeaefcb47b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum:   443394 e72fd2ff7eec3cbd08fc07ed9458aada
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum:  4495996 9e1aebd1a408bf7472608917660ce9aa
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum:   154398 d84eaeb2fae751e3b36046e87c1981e1
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum:    90684 c699e114b221acd10350cf8b51c608b9

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum:   674208 354b3cc9866e6fefe48b38925a48ae32
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum:  6628612 e72ee2bfd8b6997a121c8a95b6742e4f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum:   154382 da6b4cf3246a63b4b8b94bc0db6d3dac
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum:   128860 370f38c0c53088195b7418d3af996d35

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum:   489076 bf76e69441ef032d5d8ad8420b5b25b8
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum:  5786654 7e88aabad273d3dd0e239f78ecc35491
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum:   154442 325e842eae1b96b8a33ec8ae025739e2
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum:    98192 7400d5ce588c3899f6e2b43f945bde6e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum:   447546 489e9c8ae8069112a937c8a26d297709
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum:  5564820 636aff3dca750cb3ac139c21404c49a1
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum:   154472 776225c24043d3056c5b45914f24450a
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum:    90680 98475c71576aaee068be4ff5353050fe

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum:   462502 716d233fbf38161464290950590a071f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum:  4723270 60f129963a2ce9ffbd599b60cfba11cd
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum:   154406 386b68e0403f729687d82786afb0241d
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum:    94498 af2ed192e6d4690d263f01127a8edfee

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum:   457750 ef72d36a3f9fa3945a98c14abc62e2ce
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum:  4459970 36bf7f5d57e23e14d1ade0bf9f9d49b0
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum:   154416 5d36a2d02f29374ef45bcdb1597423c5
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum:    94410 c585ae00dadccef338c292c1a2c268f9

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum:   455484 893d1f6bbc3097840ba7e53cc542bbee
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum:  5067540 e17cde3f8ff57a31a12270cb5d701257
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum:   154414 7b51770205dc37fc2fde1fd9ca344dda
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum:    94112 7a49b609694e1eea450e621da3b2bc1f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum:   479470 528b47d9a5c453856edd9b6df28ebae7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum:  5620570 874edf4f0f86ab3aee3f48a55f95f0d0
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum:   154400 86f2d581fa46af34788e0629c6e62ec5
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum:    99696 1b622377fb056fe37b8104d295e56d28

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum:   465138 ad9fd25554415ff19dba6b89b5d48513
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum:  5129848 f1a7015616428128a1c65394226a87fe
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum:   154424 ff78808097ae2bc2b4ed753f1b76f1b9
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum:    93600 a97f833739a88b5484b59989be966d0d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEyaMXXm3vHE4uyloRAvMLAKCmEhnqBdURa2zVfJoWKPWjj/wIJwCdFE3B
2nDYi9cpb0AmiNjuFJjUcLs=
=hiNY
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ