wireshark (0.99.4-6ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: wireshark has several vulnerabilities: (LP: #132915) + CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. + CVE-2007-3390: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. + CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. + CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. + CVE-2007-4721: Integer signedness error in the DNP3 dissector in Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain DNP3 packet. * debian/patches/12_secu_0.99.6_r21034.dpatch: - applied patch from upstream (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-http.c?view=log&pathrev=21034) * debian/patches/12_secu_0.99.6_r20990.dpatch: - applied patch from upstream (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/wiretap/iseries.c?r1=19814&r2=20990&pathrev=20990) * debian/patches/12_secu_0.99.6_r21392.dpatch , 12_secu_0.99.6_r21665.dpatch: - applied patches from upstream (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ssl.c?r1=21650&r2=21665&pathrev=21665&view=patch) (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-mms.c?r1=21088&r2=21392&pathrev=21392&view=patch) * debian/patches/12_secu_0.99.6_r21947.dpatch: - applied patch from upstream (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-bootp.c?r1=21924&r2=21947&pathrev=21947&view=patch) * debian/patches/13_CVE-2007-4721.dpatch: - Applied patch according to the explanation on bugtraq. (Link: http://archives.neohapsis.com/archives/bugtraq/2007-09/0030.html) * References: CVE-2007-3389 http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394 CVE-2007-3390 http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415 CVE-2007-3392 http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342 http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582 CVE-2007-3393 http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416 CVE-2007-4721 http://archives.neohapsis.com/archives/bugtraq/2007-09/0030.html
-- Stephan Hermann <email address hidden> Thu, 15 Nov 2007 20:45:17 +0100
wireshark (0.99.4-6ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: wireshark has several vulnerabilities: patches/ 12_secu_ 0.99.6_ r21034. dpatch: anonsvn. wireshark. org/viewvc/ viewvc. py/trunk/ epan/dissectors /packet- http.c? view=log& pathrev= 21034) patches/ 12_secu_ 0.99.6_ r20990. dpatch: anonsvn. wireshark. org/viewvc/ viewvc. py/trunk/ wiretap/ iseries. c?r1=19814& r2=20990& pathrev= 20990) patches/ 12_secu_ 0.99.6_ r21392. dpatch , secu_0. 99.6_r21665. dpatch: anonsvn. wireshark. org/viewvc/ viewvc. py/trunk/ epan/dissectors /packet- ssl.c?r1= 21650&r2= 21665&pathrev= 21665&view= patch) anonsvn. wireshark. org/viewvc/ viewvc. py/trunk/ epan/dissectors /packet- mms.c?r1= 21088&r2= 21392&pathrev= 21392&view= patch) patches/ 12_secu_ 0.99.6_ r21947. dpatch: anonsvn. wireshark. org/viewvc/ viewvc. py/trunk/ epan/dissectors /packet- bootp.c? r1=21924& r2=21947& pathrev= 21947&view= patch) patches/ 13_CVE- 2007-4721. dpatch: archives. neohapsis. com/archives/ bugtraq/ 2007-09/ 0030.html) bugs.wireshark. org/bugzilla/ show_bug. cgi?id= 1394 bugs.wireshark. org/bugzilla/ show_bug. cgi?id= 1415 bugs.wireshark. org/bugzilla/ show_bug. cgi?id= 1342 bugs.wireshark. org/bugzilla/ show_bug. cgi?id= 1582 bugs.wireshark. org/bugzilla/ show_bug. cgi?id= 1416 archives. neohapsis. com/archives/ bugtraq/ 2007-09/ 0030.html
(LP: #132915)
+ CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service (crash) via a crafted chunked encoding in an HTTP
response, possibly related to a zero-length payload.
+ CVE-2007-3390: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running
on certain systems, allows remote attackers to cause a denial of service
(crash) via crafted iSeries capture files that trigger a SIGTRAP.
+ CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service via malformed (1) SSL or (2) MMS packets that trigger an
infinite loop.
+ CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark
before 0.99.6 allows remote attackers to cause a denial of service (crash) via
crafted DHCP-over-DOCSIS packets.
+ CVE-2007-4721: Integer signedness error in the DNP3 dissector in
Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a certain DNP3 packet.
* debian/
- applied patch from upstream
(Link: http://
* debian/
- applied patch from upstream
(Link: http://
* debian/
12_
- applied patches from upstream
(Link: http://
(Link: http://
* debian/
- applied patch from upstream
(Link: http://
* debian/
- Applied patch according to the explanation on bugtraq.
(Link: http://
* References:
CVE-2007-3389
http://
CVE-2007-3390
http://
CVE-2007-3392
http://
http://
CVE-2007-3393
http://
CVE-2007-4721
http://
-- Stephan Hermann <email address hidden> Thu, 15 Nov 2007 20:45:17 +0100