Debian: DSA-2127-1: New wireshark packages fix denial of service

    Date28 Nov 2010
    CategoryDebian
    42
    Posted ByLinuxSecurity Advisories
    A flaw has been found in wireshark, a network protocol analyzer. It was found that the ASN.1 BER dissector was susceptible to a stack overflow, causing the application to crash.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2127-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Stefan Fritsch
    November 28, 2010                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : wireshark
    Vulnerability  : denial of service
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-3445
    
    A flaw has been found in wireshark, a network protocol analyzer.
    
    It was found that the ASN.1 BER dissector was susceptible to a stack
    overflow, causing the application to crash.
    
    For the stable distribution (lenny), the problem has been fixed in
    version 1.0.2-3+lenny11.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.2.11-3.
    
    We recommend that you upgrade your wireshark packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny (stable)
    - -----------------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11.dsc
        Size/MD5 checksum:     1498 ede32e4d884f4c2d7667330826e9a04b
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11.diff.gz
        Size/MD5 checksum:   121370 7ae7657ce157c3474100c23d7f58921a
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
        Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_alpha.deb
        Size/MD5 checksum:   127140 ddd8b9363b2eb6d87d9bc575fb4499a6
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_alpha.deb
        Size/MD5 checksum: 12097874 afbb14ffff46d6ff3d2b92f4d3d81d74
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_alpha.deb
        Size/MD5 checksum:   731282 b6fb61a98d168b6816d975450aecbfeb
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_alpha.deb
        Size/MD5 checksum:   570116 906a2aecf1bc7427d7fd1f97a966de05
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_amd64.deb
        Size/MD5 checksum:   659916 a63ddfeed5aef099b6120261082fa733
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_amd64.deb
        Size/MD5 checksum: 11867544 c59628a40342882870286ab37a69b497
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_amd64.deb
        Size/MD5 checksum:   582606 570607f9879b070b3624d0b8456134f4
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_amd64.deb
        Size/MD5 checksum:   118676 a63044f6131a32d45eb03c829a25617a
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_arm.deb
        Size/MD5 checksum:   614548 074627f234366acbecada0fcc5d28009
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_arm.deb
        Size/MD5 checksum:   584614 b983430bb3fbfea9a0edd4f67d51ba47
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_arm.deb
        Size/MD5 checksum:   111398 d94d5d4c3a067178a2f39844ce9b269e
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_arm.deb
        Size/MD5 checksum: 10215064 87252f38b68dd0a3879ca181a7f75c35
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_armel.deb
        Size/MD5 checksum:   620550 b27e69d1998888899d20cd3f47edd583
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_armel.deb
        Size/MD5 checksum: 10219406 f7951d86289f45acf75f6cbd70c90167
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_armel.deb
        Size/MD5 checksum:   584478 e8f400e6dcdbf843d6529b5261759108
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_armel.deb
        Size/MD5 checksum:   113256 00de91d26cfa97199815aa85f44af8fa
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_hppa.deb
        Size/MD5 checksum:   694930 eb06f49619d10fd5bcc464cb4cf5ac7f
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_hppa.deb
        Size/MD5 checksum: 13271200 dbca0cd27504a965e578402029ace8d2
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_hppa.deb
        Size/MD5 checksum:   584380 b56c2acc0f81d002c64e1e34fdaab6ab
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_hppa.deb
        Size/MD5 checksum:   121264 a7a2dc7a854ce7c10c7e4e98bbdeddd7
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_i386.deb
        Size/MD5 checksum:   583908 247b65850a9e4f4f90ce819f6f161f02
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_i386.deb
        Size/MD5 checksum:   619522 570b4486f11c11c7f8fe56e4bf62a01a
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_i386.deb
        Size/MD5 checksum:   111752 48be11d6de38ccb669c19363048c6ced
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_i386.deb
        Size/MD5 checksum: 10110598 87f2abd1a41cc5ca00516484febb45fc
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_ia64.deb
        Size/MD5 checksum: 13688704 72770772a07146e05cb6ca8327a9a55a
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_ia64.deb
        Size/MD5 checksum:   570068 cdfb5b2c407bed0258c7fe0ed446fa7c
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_ia64.deb
        Size/MD5 checksum:   930214 f6c9fc8c3faab1a160b488dc8c46d1bd
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_ia64.deb
        Size/MD5 checksum:   154218 a0ff42dda32caac8d0164ea09ee0e936
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_mips.deb
        Size/MD5 checksum: 10425236 2e9ad3a84d25fdf956619a7c6c7793c1
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_mips.deb
        Size/MD5 checksum:   112578 1e59a12bb78eb608a0334b8df1a9b81f
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_mips.deb
        Size/MD5 checksum:   637004 cda2da701f506b52421884869c3926a6
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_mips.deb
        Size/MD5 checksum:   584034 16ea9d6ee04c6fa8ad274575e4862c87
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_mipsel.deb
        Size/MD5 checksum:   627232 5c2c17a7607151081816e0930b5056d6
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_mipsel.deb
        Size/MD5 checksum:   570136 e09ed325c9a02e0fb6c32cbe1e4609a2
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_mipsel.deb
        Size/MD5 checksum:  9729956 edf0c565cd14b1077cfa56919fbf8d1b
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_mipsel.deb
        Size/MD5 checksum:   113540 04f3733f583ba2738de81169e7a89d25
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_powerpc.deb
        Size/MD5 checksum:   123378 bde47d439f17d7ac08b2fb2c0d7507af
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_powerpc.deb
        Size/MD5 checksum: 11228464 b1c664cc530fb3eb5b02f544714c102a
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_powerpc.deb
        Size/MD5 checksum:   584218 44bc3a81833dcd82e40c4032ae236c46
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_powerpc.deb
        Size/MD5 checksum:   677510 bcf313da7be9a0e2a3a97ab30cd0c249
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_s390.deb
        Size/MD5 checksum:   584968 223847ae291e2730a6833ce47ef10054
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_s390.deb
        Size/MD5 checksum:   671366 9a91bbaf44370291fd5734e454732e55
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_s390.deb
        Size/MD5 checksum: 12487278 400a5a365767232901684949bffe0645
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_s390.deb
        Size/MD5 checksum:   122458 f6a7ace9f582d20d486882171ca91f58
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_sparc.deb
        Size/MD5 checksum:   113616 22bfc088d10c1576d6849d40259d9751
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_sparc.deb
        Size/MD5 checksum:   629674 e58d65909a998e25ae9ed984df11cdda
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_sparc.deb
        Size/MD5 checksum: 11287652 a7da087bd290e888c239415787d97aad
      http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_sparc.deb
        Size/MD5 checksum:   583798 ae571d07e569b08aeb40f0302c8e7026
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    Advisories

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.