-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 407-1 security@debian.org http://www.debian.org/security/ Martin Schulze January 5th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : ethereal Vulnerability : buffer overflows Problem-Type : remote Debian-specific: no CVE IDs : CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013 Several vulnerabilities were discovered upstream in ethereal, a network traffic analyzer. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2003-0925 A buffer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string. CAN-2003-0926 Via certain malformed ISAKMP or MEGACO packets remote attackers are able to cause a denial of service (crash). CAN-2003-0927 A heap-based buffer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector. CAN-2003-1012 The SMB dissector allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of selected packets. CAN-2003-1013 The Q.931 dissector allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference. For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody6. For the unstable distribution (sid) this problem has been fixed in version 0.10.0-1. We recommend that you upgrade your ethereal and tethereal packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.dsc Size/MD5 checksum: 679 6c3d2beab693578b827bc0c2ecc13eb2 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.diff.gz Size/MD5 checksum: 37597 7456c1b4708a869295bb71480300370d http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea Alpha architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_alpha.deb Size/MD5 checksum: 1940256 e8a45a24a24a145f2870d65b26fdda20 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_alpha.deb Size/MD5 checksum: 334238 0035322af1972fa6c1547e881b5b27fa http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_alpha.deb Size/MD5 checksum: 222006 da4e9538a37ac5dd740010b828afed8b http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_alpha.deb Size/MD5 checksum: 1706878 3c2e6c03f6383f3ae8d599a01853c344 ARM architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_arm.deb Size/MD5 checksum: 1634664 f5f5d2aeba5fa26ac8d6b722f4d52b39 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_arm.deb Size/MD5 checksum: 297294 267317a8d6f43f009673f3e9864e0308 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_arm.deb Size/MD5 checksum: 205964 fe0528d0ee4b0922d1a449f9c12c0b81 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_arm.deb Size/MD5 checksum: 1439166 390f1e6d9173454162195c47a10c6a0e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_i386.deb Size/MD5 checksum: 1512408 b9efde468cca1ddd6b731a3b343bd51d http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_i386.deb Size/MD5 checksum: 286370 c618774e3718d11d94347b0d66f72af4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_i386.deb Size/MD5 checksum: 198298 a7c01d2560880e783e899cd623a27e7a http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_i386.deb Size/MD5 checksum: 1325838 a7706f7f82b44a30d4a99b299c58b4ca Intel IA-64 architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_ia64.deb Size/MD5 checksum: 2150174 e2aba915304534ac4fbb060a2552d9c6 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_ia64.deb Size/MD5 checksum: 373042 f06169aeefd918e4e5b809393edb8dc2 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_ia64.deb Size/MD5 checksum: 233630 e7f788d020319a8147beb4172cdc736f http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_ia64.deb Size/MD5 checksum: 1860802 6c8ef685b4e61f34a0146eb6fc666fdb HP Precision architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_hppa.deb Size/MD5 checksum: 1803668 213d7f4221de714ee5c4ef938d0bae54 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_hppa.deb Size/MD5 checksum: 322334 b6ebeeb39d2d57c0ed664f65389e55a2 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_hppa.deb Size/MD5 checksum: 216804 fd2e27b35aedd419a12db17bee96c596 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_hppa.deb Size/MD5 checksum: 1575270 f3ed65cc62fb1155e8e38a25320d0614 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_m68k.deb Size/MD5 checksum: 1424112 69cccce7cf5ead38369e6d508031d821 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_m68k.deb Size/MD5 checksum: 282604 e5c3264948cd2cad0c159893173f0748 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_m68k.deb Size/MD5 checksum: 195028 647f483dbf79dc47a95d48d105d6a7c4 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_m68k.deb Size/MD5 checksum: 1248072 8085433927ed54f1c1c8196d7c835709 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mips.deb Size/MD5 checksum: 1616398 9a41bb228b9b33894825d6cfd2bba741 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mips.deb Size/MD5 checksum: 305168 b4a94497386ab45e0494c7980def8e3e http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mips.deb Size/MD5 checksum: 213590 20a3ad3d4b5126890aa23179c1730f1a http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mips.deb Size/MD5 checksum: 1421550 ad0decba7ea5907e6a3149cacbc178f8 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mipsel.deb Size/MD5 checksum: 1596866 0321997c79a03298c65548bb5687e87d http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mipsel.deb Size/MD5 checksum: 304676 9a3fad3fe8394ae63f79d09580b41b39 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mipsel.deb Size/MD5 checksum: 213222 28bfeefdf54278545c2c132fe381dc12 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mipsel.deb Size/MD5 checksum: 1405698 182282caefb7aaf8025559894d7b9801 PowerPC architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_powerpc.deb Size/MD5 checksum: 1617784 38000a653b7da7552904e66b8c736ecc http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_powerpc.deb Size/MD5 checksum: 301846 70dede9038a6098642119765c87f6f80 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_powerpc.deb Size/MD5 checksum: 208786 d69f6942493800fd491e90605d0be931 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_powerpc.deb Size/MD5 checksum: 1418638 9394c10dff060a961329382c7a3433ad IBM S/390 architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_s390.deb Size/MD5 checksum: 1574214 a21cbd59b1d36e14da777da012768f21 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_s390.deb Size/MD5 checksum: 300674 49a6af1c59fe07065267ebc5deecc8b8 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_s390.deb Size/MD5 checksum: 203854 077f9492da7509958c890e598edadf14 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_s390.deb Size/MD5 checksum: 1386518 d99962a50a8fafc9c509a67adb3399be Sun Sparc architecture: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_sparc.deb Size/MD5 checksum: 1582634 d0a792b3c2428ac28476799e888cef98 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_sparc.deb Size/MD5 checksum: 317982 936008ca75fecdec66519475f8466525 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_sparc.deb Size/MD5 checksum: 204626 2633099c059446cff5d41703718fb7bf http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_sparc.deb Size/MD5 checksum: 1388944 ede08f8bc62f1a5141a0bb2ed2ceea1d These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/+TD0W5ql+IAeqTIRAqbDAJ94AyY1dCtH0gsTSd+lPuuNsgsYnACdGQXl ukugrDm00ja/05LtjROk2ys= =4uYr -----END PGP SIGNATURE-----
