DSA 1983-1: New Wireshark packages fix several vulnerabilities
Posted on: 01/31/2010 03:05 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1983-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : wireshark
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-4337 CVE-2010-0304

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to the execution of arbitrary
code or denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-4337

A NULL pointer dereference was found in the SMB/SMB2 dissectors.

CVE-2010-0304

Several buffer overflows were found in the LWRES dissector.

For the stable distribution (lenny), this problem has been fixed in
version 1.0.2-3+lenny8.

For the unstable distribution (sid) these problems have been fixed in
version 1.2.6-1.

We recommend that you upgrade your Wireshark packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.dsc
Size/MD5 checksum: 1502 fdea428453f7a02c0bbac530ad464d20
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.diff.gz
Size/MD5 checksum: 113938 c4b445b78e497e030976e82cafd8c42d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_alpha.deb
Size/MD5 checksum: 583714 668ac773a7ee3e1f55cf19a50633e204
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_alpha.deb
Size/MD5 checksum: 12095504 96324d6c5e22c927211e26d807525402
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_alpha.deb
Size/MD5 checksum: 731390 ab4c693296a8238efdaf03502e71cf8d
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_alpha.deb
Size/MD5 checksum: 126232 eff006c86f3cc66294d70013d7ceb66b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_amd64.deb
Size/MD5 checksum: 659468 e5f67af41661dc409e5b52f37c6e3692
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_amd64.deb
Size/MD5 checksum: 568622 8740a23b5dd403fb9454eda39cd0a8a3
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_amd64.deb
Size/MD5 checksum: 11867392 f18229e426b81770a941a598e0ccca11
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_amd64.deb
Size/MD5 checksum: 119064 aeea3094ec89c51dede1d33b2d4ccd68

arm architecture (ARM)

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_arm.deb
Size/MD5 checksum: 614174 1576c67c9ad3a82195918e81a6f4087d
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_arm.deb
Size/MD5 checksum: 584402 7de0a936b738a89ac0ac575bfecccc89
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_arm.deb
Size/MD5 checksum: 10214352 c06eea281c937286360517c7f7509009
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_arm.deb
Size/MD5 checksum: 111076 1b5a43f81289533f541e5cc847667fed

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_armel.deb
Size/MD5 checksum: 620254 64b1f4ed8d2eb9f0d241615b70e46f0f
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_armel.deb
Size/MD5 checksum: 583668 43394e55529540e4bc0d37981960211f
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_armel.deb
Size/MD5 checksum: 10218668 7f23f088bae091152e61bf141bfbcb0a
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_armel.deb
Size/MD5 checksum: 112870 1e1aa32700aae99fbec2d3c155ee864a

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_i386.deb
Size/MD5 checksum: 619466 c1a679a7e1d335e1e9feddf79836ed5c
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_i386.deb
Size/MD5 checksum: 111494 b2750543efb8f395b3dc521b88cc918a
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_i386.deb
Size/MD5 checksum: 10109718 29a40cbac678b483b9a4a66b9403ab88
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_i386.deb
Size/MD5 checksum: 583250 59d912e3eaf394133ac6e9998601669a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_ia64.deb
Size/MD5 checksum: 153916 4fc862b2d124cc2dc2f0a66e9a3e93ad
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_ia64.deb
Size/MD5 checksum: 569752 4710ceb0c9d81385cb49436dadeae671
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_ia64.deb
Size/MD5 checksum: 13687480 ca6157b704e067ea2896a93a2585538c
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_ia64.deb
Size/MD5 checksum: 930070 2207486fde31fd5a0ab6802db52bd818

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mips.deb
Size/MD5 checksum: 569824 97649ee57827bc0457d7d3109aad979f
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mips.deb
Size/MD5 checksum: 10428362 aa2e57c26344871a7207a9b40a24e9b4
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mips.deb
Size/MD5 checksum: 113232 631809792c778d8afd0cad51fbf795e1
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mips.deb
Size/MD5 checksum: 636972 37a54296214e58bb2e79ec741d554e59

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mipsel.deb
Size/MD5 checksum: 9729516 88aea35735f93ed40b78fb6eb034d306
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mipsel.deb
Size/MD5 checksum: 569836 dcd46532b9af203d7e9ee791b52a25a0
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mipsel.deb
Size/MD5 checksum: 113238 23907a5ef09f4869f82c7a8436d30301
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mipsel.deb
Size/MD5 checksum: 627004 866ed04fef75ed90b746a67428304f55

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_powerpc.deb
Size/MD5 checksum: 122178 81d3c641d508b17f8fd8ce365e8c8085
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_powerpc.deb
Size/MD5 checksum: 11232680 30510f3f026ea8b39d789dd0da02bfd6
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_powerpc.deb
Size/MD5 checksum: 583938 a36bfd97b21516a0c848c229aeb5acb9
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_powerpc.deb
Size/MD5 checksum: 677326 040fc1728ce81c21889f7812c8b23117

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_s390.deb
Size/MD5 checksum: 12488346 6bc809171c6ac41dfe9d4303dbf6aeda
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_s390.deb
Size/MD5 checksum: 584720 c4eb7f1bbde19d287ceb4a4c48f01c32
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_s390.deb
Size/MD5 checksum: 122152 44fc5e4aa25b890f3981f618288e86d5
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_s390.deb
Size/MD5 checksum: 671070 682574782e0c22d437d30cb886a66007


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktljEUACgkQXm3vHE4uylqeuACfRr5ve+kbB4kCR833PVIsrWI8
Ug4AoKXvKJ8ioZPViXgubYlTUPvyjTcm
=i8eH
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1983_1_new_wireshark_packages_fix_several_vulnerabilities.html)