Linux Security
Linux Security
Linux Security

Debian: Subject: [DSA 1322-1] New wireshark packages fix denial of service

Date 29 Jun 2007
Posted By LinuxSecurity Advisories
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. One security flaw was is Off-by-one overflows were discovered in the iSeries dissector.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1322-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                         Moritz Muehlenhoff
June 27th, 2007               
- --------------------------------------------------------------------------

Package        : wireshark
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3390 CVE-2007-3392 CVE-2007-3393

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:


    Off-by-one overflows were discovered in the iSeries dissector.


    The MMS and SSL dissectors could be forced into an infinite loop.


    An off-by-one overflow was discovered in the DHCP/BOOTP dissector.

The oldstable distribution (sarge) is not affected by these problems.
(In Sarge Wireshark used to be called Ethereal).

For the stable distribution (etch) these problems have been fixed
in version 0.99.4-5.etch.0. Packages for the big endian MIPS architecture
are not yet available. They will be provided later.

For the unstable distribution (sid) these problems have been fixed in
version 0.99.6pre1-1.

We recommend that you upgrade your Wireshark packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:
      Size/MD5 checksum:     1066 18ea1bc407fe203089596126d9429c64
      Size/MD5 checksum:    40945 82b8a22a1cc100e5649f278cabbcce4f
      Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b

  Alpha architecture:
      Size/MD5 checksum:    21714 5515a1d74b23c4ed53dafe1b15709263
      Size/MD5 checksum:    21998 5d86aaf5e6ee3c8988ebaa9d07a2b05c
      Size/MD5 checksum:    21728 b58962a1f2f4797df61c9b465cb3e35c
      Size/MD5 checksum:    21722 5b4ee85d1b6f0b14f46604449af500dc
      Size/MD5 checksum:   117204 48df4ca3664055b38c4bfa5c8196dc5a
      Size/MD5 checksum:   674230 0ca5f13b6e7180c0b399a1ca1a3f9a7a
      Size/MD5 checksum:  9319268 fcf022b011151abcf1d7665c7b9a98a4
      Size/MD5 checksum:   181530 d4a0de99d59ecd1a3e818416d31a2d32

  AMD64 architecture:
      Size/MD5 checksum:    22304 0cb411bd110cb7be99f0b426e52b68da
      Size/MD5 checksum:    22658 f8f1820a2ef75ad8d693be9a235a16bf
      Size/MD5 checksum:    22320 f59c3f8f5fd407e89852b9fca9c46796
      Size/MD5 checksum:    22316 bb9fc8d3d87f2806cefb9b80e4586c1c
      Size/MD5 checksum:   111908 df3804d4217ae00add067fc51945c364
      Size/MD5 checksum:   618876 de929e23361608de180194014ba3dfb3
      Size/MD5 checksum:  9119392 d1b55c76cf166fdf7eb4879f86c44172
      Size/MD5 checksum:   182432 1de618e6d9329d8dccdcffeb05fe53f3

  ARM architecture:
      Size/MD5 checksum:    22316 0e5352966a09a5fa041022147f2a9b53
      Size/MD5 checksum:    22668 613c622873d343159cc9c0984aa325f3
      Size/MD5 checksum:    22332 9b73d9aaeaeb891ce7d659740c6ae9d7
      Size/MD5 checksum:    22320 c637dd98c27c170e187ef87ecb6dc7c5
      Size/MD5 checksum:   107000 e69e002af997a089144715e0e501f33a
      Size/MD5 checksum:   599904 5e8585ed879881538e4ea44f578ea9c6
      Size/MD5 checksum:  7736294 5f11a040dc06078a0843b78aa993580e
      Size/MD5 checksum:   182500 242a2963cc896d774292242258c18786

  HP Precision architecture:
      Size/MD5 checksum:    22316 4f295cee393b825ae73a60eb694da772
      Size/MD5 checksum:    22672 0d397721bcf28c7268e2d4736473e490
      Size/MD5 checksum:    22330 ee837e7dccc49230e2db2dfc1fa09d97
      Size/MD5 checksum:    22328 b274f47d80d637a96c3892939423ced7
      Size/MD5 checksum:   109664 1e8ffc76ca080b304b94c597e7ea7bed
      Size/MD5 checksum:   634466 f03c0ab3d06e70169200462a058f9bc4
      Size/MD5 checksum:  9855478 a381ffdb98d20bbfc4bdde48023ee99b
      Size/MD5 checksum:   182472 fcd914e3796cfedc18200b0cc889fd31

  Intel IA-32 architecture:
      Size/MD5 checksum:    22314 99055a9aaf39d425e31ccd68804dae8e
      Size/MD5 checksum:    22682 5979a9752e877a8755867454757c1fcd
      Size/MD5 checksum:    22330 9f49b78cf81fa447e8b9beff925beb51
      Size/MD5 checksum:    22324 204947893bde8c2b5a79855c29a622bb
      Size/MD5 checksum:   102014 73e0509bd61b62f01d3552f36c1f34f4
      Size/MD5 checksum:   564422 7294e7aa0e1b8fa193c94b6e79d3bd97
      Size/MD5 checksum:  7498442 72ccda66968a36b061102ce51b3de138
      Size/MD5 checksum:   182474 0d334a446ed7fb818efa775d26ea7b39

  Intel IA-64 architecture:
      Size/MD5 checksum:    22314 c6a94673d1a9fdb2058f2daabb6ef74b
      Size/MD5 checksum:    22662 bd42d329fd534a90aa54ee7f69327646
      Size/MD5 checksum:    22326 44b05e0ceabca57fe28e86b7692d24d6
      Size/MD5 checksum:    22318 3499e35ee07bf4812200749f500c403c
      Size/MD5 checksum:   145566 3bd2be31de663e9b009c5fa456844f94
      Size/MD5 checksum:   827382 c03f38661ebe484c62e9c2c2be73b910
      Size/MD5 checksum: 10650962 f7f0419f04679af064f4499e004526ea
      Size/MD5 checksum:   182436 c2d9705c6fb693a54b87ece73bedb730

  Little endian MIPS architecture:
      Size/MD5 checksum:    22312 2408dcdd9fbb4247321471500eca117c
      Size/MD5 checksum:    22668 da5af60038f53276c1a1db16361cdd90
      Size/MD5 checksum:    22328 7f0133c635a0b1f9f27cd38f53886445
      Size/MD5 checksum:    22320 f8d9469841c5fe001d26d01b94166dd9
      Size/MD5 checksum:   104368 b4866ccb13e11b65af2f795a05b69a94
      Size/MD5 checksum:   575806 74371e429bb4e941c3117c11d2da3447
      Size/MD5 checksum:  7405410 07748417c1a71e18fd4f416bd7c59949
      Size/MD5 checksum:   182460 468cd9061f8415eb77ac8947e9a11ca2

  PowerPC architecture:
      Size/MD5 checksum:    22314 2045188f907677de2fcf14ae2688435d
      Size/MD5 checksum:    22662 cf6f844071ad33de443fc6365fe1232c
      Size/MD5 checksum:    22330 f39cfe62377ca76a88e87a69553abc55
      Size/MD5 checksum:    22326 a37b3dd57eb2e9e74eb61c6a144b6e5a
      Size/MD5 checksum:   104076 a9a6c65321f5740f63760317e7dadb4b
      Size/MD5 checksum:   583414 49a94fd6d485a61c58b6be46fe613c33
      Size/MD5 checksum:  8605194 8d297916d238772c0b79ce7ff0c1e38c
      Size/MD5 checksum:   182450 a20f14c6bb227540f1828fd02f827340

  IBM S/390 architecture:
      Size/MD5 checksum:    22312 d4d41828d56d2a6563ed17e896ca09ca
      Size/MD5 checksum:    22660 0fe8af1049b85b980b2436bed0530b00
      Size/MD5 checksum:    22324 ff3f6acde579e5b41e30bdb0285b5d7f
      Size/MD5 checksum:    22318 b750e5398b7195c1936e04790afb233e
      Size/MD5 checksum:   115442 f77851ff30c8ee15ac0711642715a70e
      Size/MD5 checksum:   640876 1a61a997e7338c473ed24248d64596e9
      Size/MD5 checksum:  9756014 524ed85c3e592bb96b890e04a7ae4b63
      Size/MD5 checksum:   182438 e94c63acdd50a519300aa0b35de1f481

  Sun Sparc architecture:
      Size/MD5 checksum:    22316 6e87e6e8e1afd25d8ed63480e3033bde
      Size/MD5 checksum:    22664 67f359dea9e6c98a4f9bb7be82292874
      Size/MD5 checksum:    22328 d1221db97ad15efb41ff45bf1541da62
      Size/MD5 checksum:    22322 8be8a6b89da015be0c5983d885573a71
      Size/MD5 checksum:   103428 35e0fb499721e38b521db591e46a251d
      Size/MD5 checksum:   586294 212e525a5cef93f8e9fb02fb1992910f
      Size/MD5 checksum:  8686272 217f299ef88a1c4dbc27634f571cf032
      Size/MD5 checksum:   182458 ffe8b09adaa92725920e1ff544a40010

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.