Debian: DSA-1785-1: New wireshark packages fix several vulnerabilities

    Date01 May 2009
    CategoryDebian
    62
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1785-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
    http://www.debian.org/security/                       Moritz Muehlenhoff
    May 01, 2009                          http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : wireshark
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2009-1210 CVE-2009-1268 CVE-2009-1269
    
    Several remote vulnerabilities have been discovered in the Wireshark
    network traffic analyzer, which may lead to denial of service or the
    execution of arbitrary code. The Common Vulnerabilities and Exposures
    project identifies the following problems:
    
    CVE-2009-1210
    
        A format string vulnerability was discovered in the PROFINET
        dissector.
    
    CVE-2009-1268
    
        The dissector for the Check Point High-Availability Protocol
        could be forced to crash.
    
    CVE-2009-1269
    
        Malformed Tektronix files could lead to a crash.
    
    The old stable distribution (etch), is only affected by the
    CPHAP crash, which doesn't warrant an update on its own. The fix
    will be queued up for an upcoming security update or a point release.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 1.0.2-3+lenny5.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.0.7-1.
    
    We recommend that you upgrade your wireshark packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.dsc
        Size/MD5 checksum:     1501 b3a17f219c87c961b35ecd42649f3162
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.diff.gz
        Size/MD5 checksum:   101699 5f1e2ad455d391b99f1b0e10fdb01606
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
        Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_alpha.deb
        Size/MD5 checksum:   730878 815eea657d82ccaa5b63eaf6c3c7f381
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_alpha.deb
        Size/MD5 checksum: 12100214 905b9c09b3fbc882febb0af6b4cef5f6
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_alpha.deb
        Size/MD5 checksum:   126580 03d8a47ed6c6d1ab7fccdc22efa667cd
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_alpha.deb
        Size/MD5 checksum:   569476 b0c251c829c5fcb415e833c9c334cd35
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_amd64.deb
        Size/MD5 checksum: 11872180 92384dd416ac63a999d10a3c697691c9
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_amd64.deb
        Size/MD5 checksum:   118488 45dc2934cf797bdc24044a2e2f9be9a4
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_amd64.deb
        Size/MD5 checksum:   659500 965baca8e755bcb11f130009ef9bc12b
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_amd64.deb
        Size/MD5 checksum:   583274 da0fbbd79779d6ae19e51fc546c9bfb7
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_arm.deb
        Size/MD5 checksum:   613798 e87592377139dcd68a5b3fac67e6bb16
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_arm.deb
        Size/MD5 checksum:   584000 6c67088dacf4720a066c6db5ebc93337
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_arm.deb
        Size/MD5 checksum: 10216512 f21e8b719dfc980eb7ae7034039c432a
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_arm.deb
        Size/MD5 checksum:   110818 b681333b90dcbbd680dab5052671e337
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_armel.deb
        Size/MD5 checksum: 10216300 91560627d9f15c59ade557986abd3519
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_armel.deb
        Size/MD5 checksum:   113278 0b36066d921e43404a4c85d7cc2493c1
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_armel.deb
        Size/MD5 checksum:   619654 8f9955bdf98a19e9b54b4ad819cd74fb
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_armel.deb
        Size/MD5 checksum:   584548 b9808f1e00c34bb49aea790b48061fa0
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_hppa.deb
        Size/MD5 checksum:   695086 f36bf0d98055841819b9b3839a0a8189
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_hppa.deb
        Size/MD5 checksum:   120288 da6829be3a76a54851795cf49f58d473
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_hppa.deb
        Size/MD5 checksum: 13276580 64a7a853d096e0fc99db298fbe98f460
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_hppa.deb
        Size/MD5 checksum:   582556 93d52e72ab8733c53c28c1e66cab8a73
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_i386.deb
        Size/MD5 checksum:   582848 ea57fc7c03a29c4ebe03c96b5ffbca56
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_i386.deb
        Size/MD5 checksum:   619190 a210bbe83969b492ee6da0798909c3fa
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_i386.deb
        Size/MD5 checksum: 10113510 dd3c1129fe3e1350398ca5ea65a89178
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_i386.deb
        Size/MD5 checksum:   111286 bedb1816542ca9319a16561f64d627b6
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_ia64.deb
        Size/MD5 checksum:   929950 9c31e886abb0cfbf52ea0da1f4ccad74
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_ia64.deb
        Size/MD5 checksum:   153672 02170cb1a0172a3bdb7a29a2ed9b7f12
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_ia64.deb
        Size/MD5 checksum:   569466 a9d0e6d240d29db562599b8cb63750d9
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_ia64.deb
        Size/MD5 checksum: 13690454 3056b0146c50963786406c0048642a22
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mips.deb
        Size/MD5 checksum:   112952 6e67c164403df894d25863603bf20f43
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mips.deb
        Size/MD5 checksum: 10429740 6553d71d68e52731241f0dc83b02329b
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mips.deb
        Size/MD5 checksum:   636716 78dd552e011d08b3ad684139d55661f3
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mips.deb
        Size/MD5 checksum:   569484 dac116cfa7eb3a4ade558cea06d465e5
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mipsel.deb
        Size/MD5 checksum:   112968 47f018f83a7e926f4d9e90a6be20c170
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mipsel.deb
        Size/MD5 checksum:   626732 c2908d4143379549d038e848adb4200e
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mipsel.deb
        Size/MD5 checksum:  9730716 8cdb40dc02035f5ab45788c0c0d8fb5e
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mipsel.deb
        Size/MD5 checksum:   569470 ef6483a532821c6db028ded13b68c2ce
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_powerpc.deb
        Size/MD5 checksum:   122156 36b42babe8468b5b44c98e6b85d71b5c
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_powerpc.deb
        Size/MD5 checksum:   569464 9c258ed03004a9a8c213b46f44bd839c
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_powerpc.deb
        Size/MD5 checksum: 11230120 b9c17ad442834c8a0e26c24a00ce625b
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_powerpc.deb
        Size/MD5 checksum:   677260 bc4776cfddd139098d8797105707567a
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_s390.deb
        Size/MD5 checksum:   670908 1e51b5daf82994c7f9bc438d6cf02929
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_s390.deb
        Size/MD5 checksum: 12490148 40a312a358fd3201036e178906686473
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_s390.deb
        Size/MD5 checksum:   569470 47e7d1cc5dd3e7ae69d23cb7150388f7
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_s390.deb
        Size/MD5 checksum:   121696 9ee1d87e7fe84000291e6eafa3c479c8
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_sparc.deb
        Size/MD5 checksum: 11289992 aab8af6c486ce6415eb4bd4555b25618
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_sparc.deb
        Size/MD5 checksum:   629260 07202801496e99004a92a618dc8c26ea
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_sparc.deb
        Size/MD5 checksum:   113246 e91ee3ba76dc7e9343251b651a9d24d0
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_sparc.deb
        Size/MD5 checksum:   569496 aa9859ef128ec7afddb566b2f84d9888
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.