From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1942-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 29, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wireshark
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1268 CVE-2008-1829 CVE-2009-2560 CVE-2009-2562 CVE-2009-3241 CVE-2009-3550 CVE-2009-3829
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to the execution of arbitrary
code or denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-2560
A NULL pointer dereference was found in the RADIUS dissector.
CVE-2009-3550
A NULL pointer dereference was found in the DCERP/NT dissector.
CVE-2009-3829
An integer overflow was discovered in the ERF parser.
This update also includes fixes for three minor issues, which were
scheduled for the next stable point update. (CVE-2008-1829,
CVE-2009-2562, CVE-2009-3241). Also CVE-2009-1268 was fixed for Etch.
Since this security update was issued prior to the release of the
point update, the fixes were included.
For the old stable distribution (etch), this problem has been fixed in
version 0.99.4-5.etch.4.
For the stable distribution (lenny), this problem has been fixed in
version 1.0.2-3+lenny7.
For the unstable distribution (sid) these problems have been fixed in
version 1.2.3-1.
We recommend that you upgrade your Wireshark packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
Size/MD5 checksum: 13306790 2556a31d0d770dd1990bd67b98bd2f9b
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4.dsc
Size/MD5 checksum: 1075 2ff729c1b7aae033dd3e79fb29a63d68
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4.diff.gz
Size/MD5 checksum: 55126 25d98bc41c567ebc537f05ce2b36aa31
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 22916 9264867811ed85406dc802359dffe812
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 182750 844f036a9ea0914ad12d4c98ed12b3ed
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 22552 6c949e6c7a92734b9887096ff78bed52
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 117444 643a41c38a8438d451cb1c38148f7ebb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 9320680 b3421e4559d56c59818f449f050e81eb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 673918 f958912a6d20834c00cb11ae11fc7e61
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 22572 cfc4c2a166b66d11323ba7005a9ec458
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_alpha.deb
Size/MD5 checksum: 22564 9068787bffebdbaddd82dc9f1a351a11
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 619974 36ff84eb0469a0fc58fa4d74a4dc2d94
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 112510 210d916bf2fd3e62ee786038d0baf8e0
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 9120186 27328e93c02088bf3651ff91478ffdb0
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 22596 bb66aced30828d44a7391d34a79c47de
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 22972 80ee26e1a6c2bdaa6b59c6fc7f523788
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 22580 24fbe526a3b1f89270ac7487dd1a2449
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 22588 cc4698a2e130908886800a44fee7a430
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_amd64.deb
Size/MD5 checksum: 181778 aeb3324cb404333d00d073ae5626c85b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_arm.deb
Size/MD5 checksum: 21906 63ad883dd41145fbe730954c9e853388
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_arm.deb
Size/MD5 checksum: 21894 4b84544460f1fb35ea30b6a14c669ef4
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_arm.deb
Size/MD5 checksum: 182202 6fb71186a9da6540c1d85630ab24cd1c
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_arm.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)