lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100131135849.GA2513@galadriel.inutil.org>
Date: Sun, 31 Jan 2010 14:58:49 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1983-1] New Wireshark packages
	fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1983-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
January 30, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4337 CVE-2010-0304

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to the execution of arbitrary
code or denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems: 

CVE-2009-4337

    A NULL pointer dereference was found in the SMB/SMB2 dissectors.

CVE-2010-0304

    Several buffer overflows were found in the LWRES dissector.

For the stable distribution (lenny), this problem has been fixed in 
version 1.0.2-3+lenny8.

For the unstable distribution (sid) these problems have been fixed in
version 1.2.6-1.

We recommend that you upgrade your Wireshark packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.dsc
    Size/MD5 checksum:     1502 fdea428453f7a02c0bbac530ad464d20
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
    Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.diff.gz
    Size/MD5 checksum:   113938 c4b445b78e497e030976e82cafd8c42d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_alpha.deb
    Size/MD5 checksum:   583714 668ac773a7ee3e1f55cf19a50633e204
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_alpha.deb
    Size/MD5 checksum: 12095504 96324d6c5e22c927211e26d807525402
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_alpha.deb
    Size/MD5 checksum:   731390 ab4c693296a8238efdaf03502e71cf8d
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_alpha.deb
    Size/MD5 checksum:   126232 eff006c86f3cc66294d70013d7ceb66b

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_amd64.deb
    Size/MD5 checksum:   659468 e5f67af41661dc409e5b52f37c6e3692
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_amd64.deb
    Size/MD5 checksum:   568622 8740a23b5dd403fb9454eda39cd0a8a3
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_amd64.deb
    Size/MD5 checksum: 11867392 f18229e426b81770a941a598e0ccca11
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_amd64.deb
    Size/MD5 checksum:   119064 aeea3094ec89c51dede1d33b2d4ccd68

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_arm.deb
    Size/MD5 checksum:   614174 1576c67c9ad3a82195918e81a6f4087d
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_arm.deb
    Size/MD5 checksum:   584402 7de0a936b738a89ac0ac575bfecccc89
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_arm.deb
    Size/MD5 checksum: 10214352 c06eea281c937286360517c7f7509009
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_arm.deb
    Size/MD5 checksum:   111076 1b5a43f81289533f541e5cc847667fed

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_armel.deb
    Size/MD5 checksum:   620254 64b1f4ed8d2eb9f0d241615b70e46f0f
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_armel.deb
    Size/MD5 checksum:   583668 43394e55529540e4bc0d37981960211f
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_armel.deb
    Size/MD5 checksum: 10218668 7f23f088bae091152e61bf141bfbcb0a
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_armel.deb
    Size/MD5 checksum:   112870 1e1aa32700aae99fbec2d3c155ee864a

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_i386.deb
    Size/MD5 checksum:   619466 c1a679a7e1d335e1e9feddf79836ed5c
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_i386.deb
    Size/MD5 checksum:   111494 b2750543efb8f395b3dc521b88cc918a
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_i386.deb
    Size/MD5 checksum: 10109718 29a40cbac678b483b9a4a66b9403ab88
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_i386.deb
    Size/MD5 checksum:   583250 59d912e3eaf394133ac6e9998601669a

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_ia64.deb
    Size/MD5 checksum:   153916 4fc862b2d124cc2dc2f0a66e9a3e93ad
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_ia64.deb
    Size/MD5 checksum:   569752 4710ceb0c9d81385cb49436dadeae671
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_ia64.deb
    Size/MD5 checksum: 13687480 ca6157b704e067ea2896a93a2585538c
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_ia64.deb
    Size/MD5 checksum:   930070 2207486fde31fd5a0ab6802db52bd818

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mips.deb
    Size/MD5 checksum:   569824 97649ee57827bc0457d7d3109aad979f
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mips.deb
    Size/MD5 checksum: 10428362 aa2e57c26344871a7207a9b40a24e9b4
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mips.deb
    Size/MD5 checksum:   113232 631809792c778d8afd0cad51fbf795e1
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mips.deb
    Size/MD5 checksum:   636972 37a54296214e58bb2e79ec741d554e59

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mipsel.deb
    Size/MD5 checksum:  9729516 88aea35735f93ed40b78fb6eb034d306
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mipsel.deb
    Size/MD5 checksum:   569836 dcd46532b9af203d7e9ee791b52a25a0
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mipsel.deb
    Size/MD5 checksum:   113238 23907a5ef09f4869f82c7a8436d30301
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mipsel.deb
    Size/MD5 checksum:   627004 866ed04fef75ed90b746a67428304f55

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_powerpc.deb
    Size/MD5 checksum:   122178 81d3c641d508b17f8fd8ce365e8c8085
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_powerpc.deb
    Size/MD5 checksum: 11232680 30510f3f026ea8b39d789dd0da02bfd6
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_powerpc.deb
    Size/MD5 checksum:   583938 a36bfd97b21516a0c848c229aeb5acb9
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_powerpc.deb
    Size/MD5 checksum:   677326 040fc1728ce81c21889f7812c8b23117

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_s390.deb
    Size/MD5 checksum: 12488346 6bc809171c6ac41dfe9d4303dbf6aeda
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_s390.deb
    Size/MD5 checksum:   584720 c4eb7f1bbde19d287ceb4a4c48f01c32
  http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_s390.deb
    Size/MD5 checksum:   122152 44fc5e4aa25b890f3981f618288e86d5
  http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_s390.deb
    Size/MD5 checksum:   671070 682574782e0c22d437d30cb886a66007


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktljEUACgkQXm3vHE4uylqeuACfRr5ve+kbB4kCR833PVIsrWI8
Ug4AoKXvKJ8ioZPViXgubYlTUPvyjTcm
=i8eH
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ