Debian: Subject: [DSA 1322-1] New wireshark packages fix denial of service

    Date29 Jun 2007
    CategoryDebian
    2967
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. One security flaw was is Off-by-one overflows were discovered in the iSeries dissector.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1322-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    June 27th, 2007                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : wireshark
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-3390 CVE-2007-3392 CVE-2007-3393
    
    Several remote vulnerabilities have been discovered in the Wireshark
    network traffic analyzer, which may lead to denial of service. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-3390
    
        Off-by-one overflows were discovered in the iSeries dissector.
    
    CVE-2007-3392
    
        The MMS and SSL dissectors could be forced into an infinite loop.
    
    CVE-2007-3393
    
        An off-by-one overflow was discovered in the DHCP/BOOTP dissector.
    
    The oldstable distribution (sarge) is not affected by these problems.
    (In Sarge Wireshark used to be called Ethereal).
    
    For the stable distribution (etch) these problems have been fixed
    in version 0.99.4-5.etch.0. Packages for the big endian MIPS architecture
    are not yet available. They will be provided later.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.99.6pre1-1.
    
    We recommend that you upgrade your Wireshark packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.dsc
          Size/MD5 checksum:     1066 18ea1bc407fe203089596126d9429c64
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.diff.gz
          Size/MD5 checksum:    40945 82b8a22a1cc100e5649f278cabbcce4f
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
          Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:    21714 5515a1d74b23c4ed53dafe1b15709263
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:    21998 5d86aaf5e6ee3c8988ebaa9d07a2b05c
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:    21728 b58962a1f2f4797df61c9b465cb3e35c
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:    21722 5b4ee85d1b6f0b14f46604449af500dc
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:   117204 48df4ca3664055b38c4bfa5c8196dc5a
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:   674230 0ca5f13b6e7180c0b399a1ca1a3f9a7a
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:  9319268 fcf022b011151abcf1d7665c7b9a98a4
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_alpha.deb
          Size/MD5 checksum:   181530 d4a0de99d59ecd1a3e818416d31a2d32
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:    22304 0cb411bd110cb7be99f0b426e52b68da
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:    22658 f8f1820a2ef75ad8d693be9a235a16bf
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:    22320 f59c3f8f5fd407e89852b9fca9c46796
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:    22316 bb9fc8d3d87f2806cefb9b80e4586c1c
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:   111908 df3804d4217ae00add067fc51945c364
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:   618876 de929e23361608de180194014ba3dfb3
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:  9119392 d1b55c76cf166fdf7eb4879f86c44172
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_amd64.deb
          Size/MD5 checksum:   182432 1de618e6d9329d8dccdcffeb05fe53f3
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:    22316 0e5352966a09a5fa041022147f2a9b53
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:    22668 613c622873d343159cc9c0984aa325f3
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:    22332 9b73d9aaeaeb891ce7d659740c6ae9d7
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:    22320 c637dd98c27c170e187ef87ecb6dc7c5
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:   107000 e69e002af997a089144715e0e501f33a
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:   599904 5e8585ed879881538e4ea44f578ea9c6
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:  7736294 5f11a040dc06078a0843b78aa993580e
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_arm.deb
          Size/MD5 checksum:   182500 242a2963cc896d774292242258c18786
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:    22316 4f295cee393b825ae73a60eb694da772
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:    22672 0d397721bcf28c7268e2d4736473e490
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:    22330 ee837e7dccc49230e2db2dfc1fa09d97
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:    22328 b274f47d80d637a96c3892939423ced7
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:   109664 1e8ffc76ca080b304b94c597e7ea7bed
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:   634466 f03c0ab3d06e70169200462a058f9bc4
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:  9855478 a381ffdb98d20bbfc4bdde48023ee99b
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_hppa.deb
          Size/MD5 checksum:   182472 fcd914e3796cfedc18200b0cc889fd31
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:    22314 99055a9aaf39d425e31ccd68804dae8e
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:    22682 5979a9752e877a8755867454757c1fcd
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:    22330 9f49b78cf81fa447e8b9beff925beb51
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:    22324 204947893bde8c2b5a79855c29a622bb
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:   102014 73e0509bd61b62f01d3552f36c1f34f4
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:   564422 7294e7aa0e1b8fa193c94b6e79d3bd97
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:  7498442 72ccda66968a36b061102ce51b3de138
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_i386.deb
          Size/MD5 checksum:   182474 0d334a446ed7fb818efa775d26ea7b39
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:    22314 c6a94673d1a9fdb2058f2daabb6ef74b
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:    22662 bd42d329fd534a90aa54ee7f69327646
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:    22326 44b05e0ceabca57fe28e86b7692d24d6
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:    22318 3499e35ee07bf4812200749f500c403c
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:   145566 3bd2be31de663e9b009c5fa456844f94
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:   827382 c03f38661ebe484c62e9c2c2be73b910
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum: 10650962 f7f0419f04679af064f4499e004526ea
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_ia64.deb
          Size/MD5 checksum:   182436 c2d9705c6fb693a54b87ece73bedb730
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:    22312 2408dcdd9fbb4247321471500eca117c
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:    22668 da5af60038f53276c1a1db16361cdd90
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:    22328 7f0133c635a0b1f9f27cd38f53886445
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:    22320 f8d9469841c5fe001d26d01b94166dd9
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:   104368 b4866ccb13e11b65af2f795a05b69a94
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:   575806 74371e429bb4e941c3117c11d2da3447
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:  7405410 07748417c1a71e18fd4f416bd7c59949
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_mipsel.deb
          Size/MD5 checksum:   182460 468cd9061f8415eb77ac8947e9a11ca2
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:    22314 2045188f907677de2fcf14ae2688435d
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:    22662 cf6f844071ad33de443fc6365fe1232c
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:    22330 f39cfe62377ca76a88e87a69553abc55
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:    22326 a37b3dd57eb2e9e74eb61c6a144b6e5a
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:   104076 a9a6c65321f5740f63760317e7dadb4b
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:   583414 49a94fd6d485a61c58b6be46fe613c33
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:  8605194 8d297916d238772c0b79ce7ff0c1e38c
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_powerpc.deb
          Size/MD5 checksum:   182450 a20f14c6bb227540f1828fd02f827340
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:    22312 d4d41828d56d2a6563ed17e896ca09ca
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:    22660 0fe8af1049b85b980b2436bed0530b00
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:    22324 ff3f6acde579e5b41e30bdb0285b5d7f
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:    22318 b750e5398b7195c1936e04790afb233e
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:   115442 f77851ff30c8ee15ac0711642715a70e
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:   640876 1a61a997e7338c473ed24248d64596e9
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:  9756014 524ed85c3e592bb96b890e04a7ae4b63
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_s390.deb
          Size/MD5 checksum:   182438 e94c63acdd50a519300aa0b35de1f481
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:    22316 6e87e6e8e1afd25d8ed63480e3033bde
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:    22664 67f359dea9e6c98a4f9bb7be82292874
        http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:    22328 d1221db97ad15efb41ff45bf1541da62
        http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:    22322 8be8a6b89da015be0c5983d885573a71
        http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:   103428 35e0fb499721e38b521db591e46a251d
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:   586294 212e525a5cef93f8e9fb02fb1992910f
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:  8686272 217f299ef88a1c4dbc27634f571cf032
        http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_sparc.deb
          Size/MD5 checksum:   182458 ffe8b09adaa92725920e1ff544a40010
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.