lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090501144649.GA9525@galadriel.inutil.org>
Date: Fri, 1 May 2009 16:46:49 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1785-1] New wireshark packages
	fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1785-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
May 01, 2009                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-1210 CVE-2009-1268 CVE-2009-1269

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service or the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1210

    A format string vulnerability was discovered in the PROFINET
    dissector.

CVE-2009-1268

    The dissector for the Check Point High-Availability Protocol
    could be forced to crash.

CVE-2009-1269

    Malformed Tektronix files could lead to a crash.

The old stable distribution (etch), is only affected by the
CPHAP crash, which doesn't warrant an update on its own. The fix
will be queued up for an upcoming security update or a point release.

For the stable distribution (lenny), these problems have been fixed in
version 1.0.2-3+lenny5.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.7-1.

We recommend that you upgrade your wireshark packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.dsc
    Size/MD5 checksum:     1501 b3a17f219c87c961b35ecd42649f3162
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.diff.gz
    Size/MD5 checksum:   101699 5f1e2ad455d391b99f1b0e10fdb01606
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
    Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_alpha.deb
    Size/MD5 checksum:   730878 815eea657d82ccaa5b63eaf6c3c7f381
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_alpha.deb
    Size/MD5 checksum: 12100214 905b9c09b3fbc882febb0af6b4cef5f6
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_alpha.deb
    Size/MD5 checksum:   126580 03d8a47ed6c6d1ab7fccdc22efa667cd
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_alpha.deb
    Size/MD5 checksum:   569476 b0c251c829c5fcb415e833c9c334cd35

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_amd64.deb
    Size/MD5 checksum: 11872180 92384dd416ac63a999d10a3c697691c9
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_amd64.deb
    Size/MD5 checksum:   118488 45dc2934cf797bdc24044a2e2f9be9a4
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_amd64.deb
    Size/MD5 checksum:   659500 965baca8e755bcb11f130009ef9bc12b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_amd64.deb
    Size/MD5 checksum:   583274 da0fbbd79779d6ae19e51fc546c9bfb7

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_arm.deb
    Size/MD5 checksum:   613798 e87592377139dcd68a5b3fac67e6bb16
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_arm.deb
    Size/MD5 checksum:   584000 6c67088dacf4720a066c6db5ebc93337
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_arm.deb
    Size/MD5 checksum: 10216512 f21e8b719dfc980eb7ae7034039c432a
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_arm.deb
    Size/MD5 checksum:   110818 b681333b90dcbbd680dab5052671e337

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_armel.deb
    Size/MD5 checksum: 10216300 91560627d9f15c59ade557986abd3519
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_armel.deb
    Size/MD5 checksum:   113278 0b36066d921e43404a4c85d7cc2493c1
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_armel.deb
    Size/MD5 checksum:   619654 8f9955bdf98a19e9b54b4ad819cd74fb
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_armel.deb
    Size/MD5 checksum:   584548 b9808f1e00c34bb49aea790b48061fa0

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_hppa.deb
    Size/MD5 checksum:   695086 f36bf0d98055841819b9b3839a0a8189
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_hppa.deb
    Size/MD5 checksum:   120288 da6829be3a76a54851795cf49f58d473
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_hppa.deb
    Size/MD5 checksum: 13276580 64a7a853d096e0fc99db298fbe98f460
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_hppa.deb
    Size/MD5 checksum:   582556 93d52e72ab8733c53c28c1e66cab8a73

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_i386.deb
    Size/MD5 checksum:   582848 ea57fc7c03a29c4ebe03c96b5ffbca56
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_i386.deb
    Size/MD5 checksum:   619190 a210bbe83969b492ee6da0798909c3fa
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_i386.deb
    Size/MD5 checksum: 10113510 dd3c1129fe3e1350398ca5ea65a89178
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_i386.deb
    Size/MD5 checksum:   111286 bedb1816542ca9319a16561f64d627b6

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_ia64.deb
    Size/MD5 checksum:   929950 9c31e886abb0cfbf52ea0da1f4ccad74
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_ia64.deb
    Size/MD5 checksum:   153672 02170cb1a0172a3bdb7a29a2ed9b7f12
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_ia64.deb
    Size/MD5 checksum:   569466 a9d0e6d240d29db562599b8cb63750d9
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_ia64.deb
    Size/MD5 checksum: 13690454 3056b0146c50963786406c0048642a22

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mips.deb
    Size/MD5 checksum:   112952 6e67c164403df894d25863603bf20f43
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mips.deb
    Size/MD5 checksum: 10429740 6553d71d68e52731241f0dc83b02329b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mips.deb
    Size/MD5 checksum:   636716 78dd552e011d08b3ad684139d55661f3
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mips.deb
    Size/MD5 checksum:   569484 dac116cfa7eb3a4ade558cea06d465e5

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mipsel.deb
    Size/MD5 checksum:   112968 47f018f83a7e926f4d9e90a6be20c170
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mipsel.deb
    Size/MD5 checksum:   626732 c2908d4143379549d038e848adb4200e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mipsel.deb
    Size/MD5 checksum:  9730716 8cdb40dc02035f5ab45788c0c0d8fb5e
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mipsel.deb
    Size/MD5 checksum:   569470 ef6483a532821c6db028ded13b68c2ce

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_powerpc.deb
    Size/MD5 checksum:   122156 36b42babe8468b5b44c98e6b85d71b5c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_powerpc.deb
    Size/MD5 checksum:   569464 9c258ed03004a9a8c213b46f44bd839c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_powerpc.deb
    Size/MD5 checksum: 11230120 b9c17ad442834c8a0e26c24a00ce625b
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_powerpc.deb
    Size/MD5 checksum:   677260 bc4776cfddd139098d8797105707567a

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_s390.deb
    Size/MD5 checksum:   670908 1e51b5daf82994c7f9bc438d6cf02929
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_s390.deb
    Size/MD5 checksum: 12490148 40a312a358fd3201036e178906686473
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_s390.deb
    Size/MD5 checksum:   569470 47e7d1cc5dd3e7ae69d23cb7150388f7
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_s390.deb
    Size/MD5 checksum:   121696 9ee1d87e7fe84000291e6eafa3c479c8

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_sparc.deb
    Size/MD5 checksum: 11289992 aab8af6c486ce6415eb4bd4555b25618
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_sparc.deb
    Size/MD5 checksum:   629260 07202801496e99004a92a618dc8c26ea
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_sparc.deb
    Size/MD5 checksum:   113246 e91ee3ba76dc7e9343251b651a9d24d0
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_sparc.deb
    Size/MD5 checksum:   569496 aa9859ef128ec7afddb566b2f84d9888

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkn7CvoACgkQXm3vHE4uylqSFACfYtIe3PKYFlZNfGodxD0gg4XP
KfcAoOVGWWbg20c+SSn8ltZP+wCsLzrr
=MC0u
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ