Debian: DSA-1983-1: New Wireshark packages fix several vulnerabilities

    Date31 Jan 2010
    CategoryDebian
    31
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1983-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    January 30, 2010                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : wireshark
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-4337 CVE-2010-0304
    
    Several remote vulnerabilities have been discovered in the Wireshark
    network traffic analyzer, which may lead to the execution of arbitrary
    code or denial of service. The Common Vulnerabilities and Exposures
    project identifies the following problems: 
    
    CVE-2009-4337
    
        A NULL pointer dereference was found in the SMB/SMB2 dissectors.
    
    CVE-2010-0304
    
        Several buffer overflows were found in the LWRES dissector.
    
    For the stable distribution (lenny), this problem has been fixed in 
    version 1.0.2-3+lenny8.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 1.2.6-1.
    
    We recommend that you upgrade your Wireshark packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.dsc
        Size/MD5 checksum:     1502 fdea428453f7a02c0bbac530ad464d20
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
        Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.diff.gz
        Size/MD5 checksum:   113938 c4b445b78e497e030976e82cafd8c42d
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_alpha.deb
        Size/MD5 checksum:   583714 668ac773a7ee3e1f55cf19a50633e204
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_alpha.deb
        Size/MD5 checksum: 12095504 96324d6c5e22c927211e26d807525402
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_alpha.deb
        Size/MD5 checksum:   731390 ab4c693296a8238efdaf03502e71cf8d
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_alpha.deb
        Size/MD5 checksum:   126232 eff006c86f3cc66294d70013d7ceb66b
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_amd64.deb
        Size/MD5 checksum:   659468 e5f67af41661dc409e5b52f37c6e3692
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_amd64.deb
        Size/MD5 checksum:   568622 8740a23b5dd403fb9454eda39cd0a8a3
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_amd64.deb
        Size/MD5 checksum: 11867392 f18229e426b81770a941a598e0ccca11
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_amd64.deb
        Size/MD5 checksum:   119064 aeea3094ec89c51dede1d33b2d4ccd68
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_arm.deb
        Size/MD5 checksum:   614174 1576c67c9ad3a82195918e81a6f4087d
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_arm.deb
        Size/MD5 checksum:   584402 7de0a936b738a89ac0ac575bfecccc89
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_arm.deb
        Size/MD5 checksum: 10214352 c06eea281c937286360517c7f7509009
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_arm.deb
        Size/MD5 checksum:   111076 1b5a43f81289533f541e5cc847667fed
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_armel.deb
        Size/MD5 checksum:   620254 64b1f4ed8d2eb9f0d241615b70e46f0f
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_armel.deb
        Size/MD5 checksum:   583668 43394e55529540e4bc0d37981960211f
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_armel.deb
        Size/MD5 checksum: 10218668 7f23f088bae091152e61bf141bfbcb0a
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_armel.deb
        Size/MD5 checksum:   112870 1e1aa32700aae99fbec2d3c155ee864a
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_i386.deb
        Size/MD5 checksum:   619466 c1a679a7e1d335e1e9feddf79836ed5c
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_i386.deb
        Size/MD5 checksum:   111494 b2750543efb8f395b3dc521b88cc918a
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_i386.deb
        Size/MD5 checksum: 10109718 29a40cbac678b483b9a4a66b9403ab88
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_i386.deb
        Size/MD5 checksum:   583250 59d912e3eaf394133ac6e9998601669a
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_ia64.deb
        Size/MD5 checksum:   153916 4fc862b2d124cc2dc2f0a66e9a3e93ad
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_ia64.deb
        Size/MD5 checksum:   569752 4710ceb0c9d81385cb49436dadeae671
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_ia64.deb
        Size/MD5 checksum: 13687480 ca6157b704e067ea2896a93a2585538c
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_ia64.deb
        Size/MD5 checksum:   930070 2207486fde31fd5a0ab6802db52bd818
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mips.deb
        Size/MD5 checksum:   569824 97649ee57827bc0457d7d3109aad979f
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mips.deb
        Size/MD5 checksum: 10428362 aa2e57c26344871a7207a9b40a24e9b4
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mips.deb
        Size/MD5 checksum:   113232 631809792c778d8afd0cad51fbf795e1
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mips.deb
        Size/MD5 checksum:   636972 37a54296214e58bb2e79ec741d554e59
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mipsel.deb
        Size/MD5 checksum:  9729516 88aea35735f93ed40b78fb6eb034d306
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mipsel.deb
        Size/MD5 checksum:   569836 dcd46532b9af203d7e9ee791b52a25a0
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mipsel.deb
        Size/MD5 checksum:   113238 23907a5ef09f4869f82c7a8436d30301
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mipsel.deb
        Size/MD5 checksum:   627004 866ed04fef75ed90b746a67428304f55
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_powerpc.deb
        Size/MD5 checksum:   122178 81d3c641d508b17f8fd8ce365e8c8085
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_powerpc.deb
        Size/MD5 checksum: 11232680 30510f3f026ea8b39d789dd0da02bfd6
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_powerpc.deb
        Size/MD5 checksum:   583938 a36bfd97b21516a0c848c229aeb5acb9
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_powerpc.deb
        Size/MD5 checksum:   677326 040fc1728ce81c21889f7812c8b23117
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_s390.deb
        Size/MD5 checksum: 12488346 6bc809171c6ac41dfe9d4303dbf6aeda
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_s390.deb
        Size/MD5 checksum:   584720 c4eb7f1bbde19d287ceb4a4c48f01c32
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_s390.deb
        Size/MD5 checksum:   122152 44fc5e4aa25b890f3981f618288e86d5
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_s390.deb
        Size/MD5 checksum:   671070 682574782e0c22d437d30cb886a66007
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":32,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.