From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1673-1                      [email protected]
http://www.debian.org/security/                        Moritz Muehlenhoff
November 29, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wireshark
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3933 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685
Several remote vulnerabilities have been discovered in the network
traffic analyzer Wireshark. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2008-3137
The GSM SMS dissector is vulnerable to denial of service.
CVE-2008-3138
The PANA and KISMET dissectors are vulnerable to denial of service.
CVE-2008-3141
The RMI dissector could disclose system memory.
CVE-2008-3145
The packet reassembling module is vulnerable to denial of service.
CVE-2008-3933
The zlib uncompression module is vulnerable to denial of service.
CVE-2008-4683
The Bluetooth ACL dissector is vulnerable to denial of service.
CVE-2008-4684
The PRP and MATE dissectors are vulnerable to denial of service.
CVE-2008-4685
The Q931 dissector is vulnerable to denial of service.
For the stable distribution (etch), these problems have been fixed in
version 0.99.4-5.etch.3.
For the upcoming stable distribution (lenny), these problems have been
fixed in version 1.0.2-3+lenny2.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your wireshark packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]