[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1127-1 security@xxxxxxxxxx
http://www.debian.org/security/ Moritz Muehlenhoff
July 28th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631
CVE-2006-3632
Debian Bug : 373913 375694
Several remote vulnerabilities have been discovered in the Ethereal network
sniffer, which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-3628
Ilja van Sprundel discovered that the FW-1 and MQ dissectors are
vulnerable to format string attacks.
CVE-2006-3629
Ilja van Sprundel discovered that the MOUNT dissector is vulnerable
to denial of service through memory exhaustion.
CVE-2006-3630
Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and
NDPS dissectors.
CVE-2006-3631
Ilja van Sprundel discovered a buffer overflow in the NFS dissector.
CVE-2006-3632
Ilja van Sprundel discovered that the SSH dissector is vulnerable
to denial of service through an infinite loop.
For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge6.
For the unstable distribution (sid) these problems have been fixed in
version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.
We recommend that you upgrade your ethereal packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.dsc
Size/MD5 checksum: 855 c707f586104e8686d9d2244ce2d7a506
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.diff.gz
Size/MD5 checksum: 173252 9c9821b8ebead45753446356c22cb578
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c
Alpha architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_alpha.deb
Size/MD5 checksum: 542792 15de1eb27365d6cae79d8d702e090f13
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_alpha.deb
Size/MD5 checksum: 5475590 bef681e66102e67d36b7e6a42c2c2c3f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_alpha.deb
Size/MD5 checksum: 154412 847bd247de53a90c7280043bedac7d93
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_alpha.deb
Size/MD5 checksum: 106004 bee2da8a58d6e84c05b6a80537183694
AMD64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_amd64.deb
Size/MD5 checksum: 486278 e6239c6efadea1399ad1fcab5a0da5f3
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_amd64.deb
Size/MD5 checksum: 5333976 61bcb38c72686eeb7e8587179ab7594f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_amd64.deb
Size/MD5 checksum: 154406 a13fdfd340be02a602f6fc576f166005
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_amd64.deb
Size/MD5 checksum: 99298 7dd892a57430d66f7c97088b8c1eb187
ARM architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_arm.deb
Size/MD5 checksum: 472738 a10f7886e67d41949ec8488715276ca7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_arm.deb
Size/MD5 checksum: 4687198 d18c46329bf526579e7c1af409323610
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_arm.deb
Size/MD5 checksum: 154434 5c23b40f20e4079a6c58c697914b54ef
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_arm.deb
Size/MD5 checksum: 95276 a56fa4124bd4193ec75bdedeaefcb47b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_i386.deb
Size/MD5 checksum: 443394 e72fd2ff7eec3cbd08fc07ed9458aada
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_i386.deb
Size/MD5 checksum: 4495996 9e1aebd1a408bf7472608917660ce9aa
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_i386.deb
Size/MD5 checksum: 154398 d84eaeb2fae751e3b36046e87c1981e1
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_i386.deb
Size/MD5 checksum: 90684 c699e114b221acd10350cf8b51c608b9
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_ia64.deb
Size/MD5 checksum: 674208 354b3cc9866e6fefe48b38925a48ae32
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_ia64.deb
Size/MD5 checksum: 6628612 e72ee2bfd8b6997a121c8a95b6742e4f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_ia64.deb
Size/MD5 checksum: 154382 da6b4cf3246a63b4b8b94bc0db6d3dac
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_ia64.deb
Size/MD5 checksum: 128860 370f38c0c53088195b7418d3af996d35
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_hppa.deb
Size/MD5 checksum: 489076 bf76e69441ef032d5d8ad8420b5b25b8
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_hppa.deb
Size/MD5 checksum: 5786654 7e88aabad273d3dd0e239f78ecc35491
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_hppa.deb
Size/MD5 checksum: 154442 325e842eae1b96b8a33ec8ae025739e2
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_hppa.deb
Size/MD5 checksum: 98192 7400d5ce588c3899f6e2b43f945bde6e
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_m68k.deb
Size/MD5 checksum: 447546 489e9c8ae8069112a937c8a26d297709
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_m68k.deb
Size/MD5 checksum: 5564820 636aff3dca750cb3ac139c21404c49a1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_m68k.deb
Size/MD5 checksum: 154472 776225c24043d3056c5b45914f24450a
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_m68k.deb
Size/MD5 checksum: 90680 98475c71576aaee068be4ff5353050fe
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mips.deb
Size/MD5 checksum: 462502 716d233fbf38161464290950590a071f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mips.deb
Size/MD5 checksum: 4723270 60f129963a2ce9ffbd599b60cfba11cd
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mips.deb
Size/MD5 checksum: 154406 386b68e0403f729687d82786afb0241d
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mips.deb
Size/MD5 checksum: 94498 af2ed192e6d4690d263f01127a8edfee
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mipsel.deb
Size/MD5 checksum: 457750 ef72d36a3f9fa3945a98c14abc62e2ce
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mipsel.deb
Size/MD5 checksum: 4459970 36bf7f5d57e23e14d1ade0bf9f9d49b0
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mipsel.deb
Size/MD5 checksum: 154416 5d36a2d02f29374ef45bcdb1597423c5
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mipsel.deb
Size/MD5 checksum: 94410 c585ae00dadccef338c292c1a2c268f9
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_powerpc.deb
Size/MD5 checksum: 455484 893d1f6bbc3097840ba7e53cc542bbee
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_powerpc.deb
Size/MD5 checksum: 5067540 e17cde3f8ff57a31a12270cb5d701257
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_powerpc.deb
Size/MD5 checksum: 154414 7b51770205dc37fc2fde1fd9ca344dda
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_powerpc.deb
Size/MD5 checksum: 94112 7a49b609694e1eea450e621da3b2bc1f
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_s390.deb
Size/MD5 checksum: 479470 528b47d9a5c453856edd9b6df28ebae7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_s390.deb
Size/MD5 checksum: 5620570 874edf4f0f86ab3aee3f48a55f95f0d0
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_s390.deb
Size/MD5 checksum: 154400 86f2d581fa46af34788e0629c6e62ec5
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_s390.deb
Size/MD5 checksum: 99696 1b622377fb056fe37b8104d295e56d28
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_sparc.deb
Size/MD5 checksum: 465138 ad9fd25554415ff19dba6b89b5d48513
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_sparc.deb
Size/MD5 checksum: 5129848 f1a7015616428128a1c65394226a87fe
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_sparc.deb
Size/MD5 checksum: 154424 ff78808097ae2bc2b4ed753f1b76f1b9
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_sparc.deb
Size/MD5 checksum: 93600 a97f833739a88b5484b59989be966d0d
These files will probably be moved into the stable distribution on
its next update.
-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEyaMXXm3vHE4uyloRAvMLAKCmEhnqBdURa2zVfJoWKPWjj/wIJwCdFE3B
2nDYi9cpb0AmiNjuFJjUcLs=
=hiNY
-----END PGP SIGNATURE-----