Linux Security
Linux Security
Linux Security

Debian: ethereal fix several vulnerabilities DSA-1127-1

Date 27 Jul 2006
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1127-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                         Moritz Muehlenhoff
July 28th, 2006               
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632
Debian Bug     : 373913 375694

Several remote vulnerabilities have been discovered in the Ethereal network
sniffer, which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:


    Ilja van Sprundel discovered that the FW-1 and MQ dissectors are
    vulnerable to format string attacks.


    Ilja van Sprundel discovered that the MOUNT dissector is vulnerable
    to denial of service through memory exhaustion.


    Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and
    NDPS dissectors.


    Ilja van Sprundel discovered a buffer overflow in the NFS dissector.


    Ilja van Sprundel discovered that the SSH dissector is vulnerable
    to denial of service through an infinite loop.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge6.

For the unstable distribution (sid) these problems have been fixed in
version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      855 c707f586104e8686d9d2244ce2d7a506
      Size/MD5 checksum:   173252 9c9821b8ebead45753446356c22cb578
      Size/MD5 checksum:  7411510 e6b74468412c17bb66cd459bfb61471c

  Alpha architecture:
      Size/MD5 checksum:   542792 15de1eb27365d6cae79d8d702e090f13
      Size/MD5 checksum:  5475590 bef681e66102e67d36b7e6a42c2c2c3f
      Size/MD5 checksum:   154412 847bd247de53a90c7280043bedac7d93
      Size/MD5 checksum:   106004 bee2da8a58d6e84c05b6a80537183694

  AMD64 architecture:
      Size/MD5 checksum:   486278 e6239c6efadea1399ad1fcab5a0da5f3
      Size/MD5 checksum:  5333976 61bcb38c72686eeb7e8587179ab7594f
      Size/MD5 checksum:   154406 a13fdfd340be02a602f6fc576f166005
      Size/MD5 checksum:    99298 7dd892a57430d66f7c97088b8c1eb187

  ARM architecture:
      Size/MD5 checksum:   472738 a10f7886e67d41949ec8488715276ca7
      Size/MD5 checksum:  4687198 d18c46329bf526579e7c1af409323610
      Size/MD5 checksum:   154434 5c23b40f20e4079a6c58c697914b54ef
      Size/MD5 checksum:    95276 a56fa4124bd4193ec75bdedeaefcb47b

  Intel IA-32 architecture:
      Size/MD5 checksum:   443394 e72fd2ff7eec3cbd08fc07ed9458aada
      Size/MD5 checksum:  4495996 9e1aebd1a408bf7472608917660ce9aa
      Size/MD5 checksum:   154398 d84eaeb2fae751e3b36046e87c1981e1
      Size/MD5 checksum:    90684 c699e114b221acd10350cf8b51c608b9

  Intel IA-64 architecture:
      Size/MD5 checksum:   674208 354b3cc9866e6fefe48b38925a48ae32
      Size/MD5 checksum:  6628612 e72ee2bfd8b6997a121c8a95b6742e4f
      Size/MD5 checksum:   154382 da6b4cf3246a63b4b8b94bc0db6d3dac
      Size/MD5 checksum:   128860 370f38c0c53088195b7418d3af996d35

  HP Precision architecture:
      Size/MD5 checksum:   489076 bf76e69441ef032d5d8ad8420b5b25b8
      Size/MD5 checksum:  5786654 7e88aabad273d3dd0e239f78ecc35491
      Size/MD5 checksum:   154442 325e842eae1b96b8a33ec8ae025739e2
      Size/MD5 checksum:    98192 7400d5ce588c3899f6e2b43f945bde6e

  Motorola 680x0 architecture:
      Size/MD5 checksum:   447546 489e9c8ae8069112a937c8a26d297709
      Size/MD5 checksum:  5564820 636aff3dca750cb3ac139c21404c49a1
      Size/MD5 checksum:   154472 776225c24043d3056c5b45914f24450a
      Size/MD5 checksum:    90680 98475c71576aaee068be4ff5353050fe

  Big endian MIPS architecture:
      Size/MD5 checksum:   462502 716d233fbf38161464290950590a071f
      Size/MD5 checksum:  4723270 60f129963a2ce9ffbd599b60cfba11cd
      Size/MD5 checksum:   154406 386b68e0403f729687d82786afb0241d
      Size/MD5 checksum:    94498 af2ed192e6d4690d263f01127a8edfee

  Little endian MIPS architecture:
      Size/MD5 checksum:   457750 ef72d36a3f9fa3945a98c14abc62e2ce
      Size/MD5 checksum:  4459970 36bf7f5d57e23e14d1ade0bf9f9d49b0
      Size/MD5 checksum:   154416 5d36a2d02f29374ef45bcdb1597423c5
      Size/MD5 checksum:    94410 c585ae00dadccef338c292c1a2c268f9

  PowerPC architecture:
      Size/MD5 checksum:   455484 893d1f6bbc3097840ba7e53cc542bbee
      Size/MD5 checksum:  5067540 e17cde3f8ff57a31a12270cb5d701257
      Size/MD5 checksum:   154414 7b51770205dc37fc2fde1fd9ca344dda
      Size/MD5 checksum:    94112 7a49b609694e1eea450e621da3b2bc1f

  IBM S/390 architecture:
      Size/MD5 checksum:   479470 528b47d9a5c453856edd9b6df28ebae7
      Size/MD5 checksum:  5620570 874edf4f0f86ab3aee3f48a55f95f0d0
      Size/MD5 checksum:   154400 86f2d581fa46af34788e0629c6e62ec5
      Size/MD5 checksum:    99696 1b622377fb056fe37b8104d295e56d28

  Sun Sparc architecture:
      Size/MD5 checksum:   465138 ad9fd25554415ff19dba6b89b5d48513
      Size/MD5 checksum:  5129848 f1a7015616428128a1c65394226a87fe
      Size/MD5 checksum:   154424 ff78808097ae2bc2b4ed753f1b76f1b9
      Size/MD5 checksum:    93600 a97f833739a88b5484b59989be966d0d

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"52","type":"x","order":"1","pct":80,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"8","type":"x","order":"2","pct":12.31,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":7.69,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.