DSA 853-1: New ethereal packages fix several vulnerabilities
Posted on: 10/09/2005 07:32 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 853-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 9th, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2360 CAN-2005-2361 CAN-2005-2363 CAN-2005-2364 CAN-2005-2365 CAN-2005-2366 CAN-2005-2367

Several security problems have been discovered in ethereal, a commonly
used network traffic analyser. The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-2360

Memory allocation errors in the LDAP dissector can cause a denial
of service.

CAN-2005-2361

Various errors in the AgentX, PER, DOCSIS, RADIUS, Telnet, IS-IS,
HTTP, DCERPC, DHCP and SCTP dissectors can cause a denial of
service.

CAN-2005-2363

Various errors in the SMPP, 802.3, H1 and DHCP dissectors can
cause a denial of service.

CAN-2005-2364

Null pointer dereferences in the WBXML and GIOP dissectors can
cause a denial of service.

CAN-2005-2365

A buffer overflow and null pointer dereferences in the SMB
dissector can cause a denial of service.

CAN-2005-2366

Wrong address calculation in the BER dissector can cause an
infinite loop or abortion.

CAN-2005-2367

Format string vulnerabilities in several dissectors allow
remote attackers to write to arbitrary memory locations and thus
gain privileges.

For the old stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody13.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 0.10.12-2.

We recommend that you upgrade your ethereal packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.dsc
Size/MD5 checksum: 681 a14972c16fc38134c821341149b15a5a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.diff.gz
Size/MD5 checksum: 45597 19cab69d49a02ad1edb539b25ea68c75
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea

Alpha architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_alpha.deb
Size/MD5 checksum: 1941188 952157656d9161e6a28ece7c14a2c555
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_alpha.deb
Size/MD5 checksum: 334858 edcf3011bcb0e54ab74c84dfe19776d7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_alpha.deb
Size/MD5 checksum: 223118 e2720177ee4f1211857676fc391d00d3
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_alpha.deb
Size/MD5 checksum: 1708360 ec7c1f48cdf360bf483d4eeb1860249b

ARM architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_arm.deb
Size/MD5 checksum: 1635932 8910e5fc6cbe7682af2075879b55a858
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_arm.deb
Size/MD5 checksum: 298468 9e40dcca2b8b00eba260fe94f79d4450
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_arm.deb
Size/MD5 checksum: 207002 c6d6f567c88253a8740dd99edc668130
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_arm.deb
Size/MD5 checksum: 1439858 c3bee95dedeca0840c8c7c8a05dbdd68

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_i386.deb
Size/MD5 checksum: 1513478 87d0692acb79e31d22fc75e793b6e297
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_i386.deb
Size/MD5 checksum: 287308 f8e2ad89ee905143f6b45c7e882473d3
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_i386.deb
Size/MD5 checksum: 198964 cc1ba32c0c8b55a82d6f70a2df30050f
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_i386.deb
Size/MD5 checksum: 1327044 c9085f4a0907ef25ab7bbbcacfdc4ef8

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_ia64.deb
Size/MD5 checksum: 2150448 f659c70de493fda86b516c26ccbdf4ff
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_ia64.deb
Size/MD5 checksum: 373822 432a623071185fa13dd7846938624660
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_ia64.deb
Size/MD5 checksum: 234624 b771c21771b097adb67bc873237240f4
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_ia64.deb
Size/MD5 checksum: 1861946 1af8550c20f578818fb914b4cdab373b

HP Precision architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_hppa.deb
Size/MD5 checksum: 1805114 03f0ee1f26bccd8bd06afcbd362e5a16
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_hppa.deb
Size/MD5 checksum: 323274 81a556881ec81a5454226e3792c9fd5e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_hppa.deb
Size/MD5 checksum: 217650 c5d1f9b04ef88c445bf76ea7cb3d39ff
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_hppa.deb
Size/MD5 checksum: 1576474 7c9f0de387ed98b7f6ad193d1eebd65b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_m68k.deb
Size/MD5 checksum: 1424958 29e4fb9bd982b34e3b817b720b504887
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_m68k.deb
Size/MD5 checksum: 283620 1eafdce67f2caf49eb38f91d8e890b07
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_m68k.deb
Size/MD5 checksum: 195920 5f31f70f910899e04060dbc51adca631
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_m68k.deb
Size/MD5 checksum: 1249154 0b22f6dd317393fffcedfc24fd0594fe

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mips.deb
Size/MD5 checksum: 1617196 3167d42c291812f12c4a2d9d41ade0b8
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mips.deb
Size/MD5 checksum: 306020 23dfd273a4f037d75fe13e6120483ca8
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mips.deb
Size/MD5 checksum: 214566 c4a6a6fcababc389fc6e744b9cc6768d
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mips.deb
Size/MD5 checksum: 1422232 320baf32c90be1bfcc244ac3b93be25f

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mipsel.deb
Size/MD5 checksum: 1598562 4573d8fc4571fed4245acc95ee785872
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mipsel.deb
Size/MD5 checksum: 305506 aac45f1ab9667ebca1d4402a20140cd4
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mipsel.deb
Size/MD5 checksum: 214188 9ec3e426f078964f19b207f738a2890b
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mipsel.deb
Size/MD5 checksum: 1406744 a48af1c598617dba5cca476b332a6065

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_powerpc.deb
Size/MD5 checksum: 1618594 53a5b20824374a7e5c79208bd296136b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_powerpc.deb
Size/MD5 checksum: 302794 20245fb6bb9ea58ec72e02c6fe457bf7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_powerpc.deb
Size/MD5 checksum: 209852 f2f9341ded7609237dc942d17b5795a4
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_powerpc.deb
Size/MD5 checksum: 1419820 31e423ce00a86c7fa42ac44dce2143c6

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_s390.deb
Size/MD5 checksum: 1574966 2483e8356413e3279a75da2529a55d9e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_s390.deb
Size/MD5 checksum: 301568 27bce6f8ddcc5c1717d04ec8de2b8257
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_s390.deb
Size/MD5 checksum: 204900 1d92ae0a1c815fd2f1b592205a6be472
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_s390.deb
Size/MD5 checksum: 1387670 18f5e9b5e7aeb368bc0894f29ad0146d

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_sparc.deb
Size/MD5 checksum: 1583740 27c3837c712ec20801296c271f7f5574
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_sparc.deb
Size/MD5 checksum: 318820 f3a07ddbbd077b6d8de40b121f788fb9
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_sparc.deb
Size/MD5 checksum: 205662 9ec1889a5e3f10000ee8eabc9a93342b
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_sparc.deb
Size/MD5 checksum: 1389812 5a4bb26b67f1f8a9e5d1f00ef735d713


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.dsc
Size/MD5 checksum: 855 2f3011894f29728f1b4b667418a83b20
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.diff.gz
Size/MD5 checksum: 166589 208197070a9bffebf9ca3286ab606e7d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c

Alpha architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_alpha.deb
Size/MD5 checksum: 541634 8467337e4b372914419c5f33c4486048
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_alpha.deb
Size/MD5 checksum: 5474828 5a5ccad452cd5f72005b64a663cbde45
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_alpha.deb
Size/MD5 checksum: 153736 2022700af3d2f20539be0b53dfd68b3b
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_alpha.deb
Size/MD5 checksum: 105004 c31e05995f3bf595479489326772b2d4

AMD64 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_amd64.deb
Size/MD5 checksum: 485220 e01fe329d0fbc6c2edb85641d583c916
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_amd64.deb
Size/MD5 checksum: 5333782 b0edc8a4194bcf3e646f98d4e0accce4
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_amd64.deb
Size/MD5 checksum: 153730 28cb9daf3417180f398b46f9e766071c
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_amd64.deb
Size/MD5 checksum: 98284 d49a2f3c0d0c60cba44e14f661d24dd4

ARM architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_arm.deb
Size/MD5 checksum: 471584 e86b521d4c73ed25a363155a440ddf72
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_arm.deb
Size/MD5 checksum: 4686010 8e29ff9d0739550f709ed110e322758a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_arm.deb
Size/MD5 checksum: 153750 352080c1f5ae27e3d9a6dfb0f2f3660f
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_arm.deb
Size/MD5 checksum: 94232 9586fda35f4aeb9f276e6c3ebbe30449

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_i386.deb
Size/MD5 checksum: 442330 cd7dd7e542d49f2637dc37471dabda3f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_i386.deb
Size/MD5 checksum: 4491428 1b421b03dc36bcf24f8dcd6e8ba1d686
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_i386.deb
Size/MD5 checksum: 153566 0afa50ccbe9ead20dd61bf5942889b68
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_i386.deb
Size/MD5 checksum: 89728 d6be5e22faa8b2e2ff2ed5e6b217018d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_ia64.deb
Size/MD5 checksum: 673324 f6cb0da9666864418db7ca2e19d30891
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_ia64.deb
Size/MD5 checksum: 6625798 22d82f26a4b9e3125f8fb7150f62c9d6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_ia64.deb
Size/MD5 checksum: 153724 6f25d2e866cdc235adb8f76fbb0376b2
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_ia64.deb
Size/MD5 checksum: 127998 cc1fe884aae15e10fb2c258b9188e877

HP Precision architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_hppa.deb
Size/MD5 checksum: 488006 f2e4d90a29044fb5fd67e325719b1f15
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_hppa.deb
Size/MD5 checksum: 5786030 090527370ed04b383a29b326b23b9068
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_hppa.deb
Size/MD5 checksum: 153766 4ef286e994d17f1913bb38d075422173
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_hppa.deb
Size/MD5 checksum: 97288 cf6b5f91105e4bdab6b990d3351abf6d

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_m68k.deb
Size/MD5 checksum: 446618 bdd31e470380ee9678b87a8d9ff983a4
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_m68k.deb
Size/MD5 checksum: 5563736 6be9de1247286c7b153accfe834fe767
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_m68k.deb
Size/MD5 checksum: 153800 cd3dbb07333adf5c17772bb7236426b8
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_m68k.deb
Size/MD5 checksum: 89806 4182783993c017ae07bd86febba3856f

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mips.deb
Size/MD5 checksum: 461298 b64d99e8fe40e18fa4b7060e23dc8cd5
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mips.deb
Size/MD5 checksum: 4722614 d76d340ebc6c30f442a7bccfd59c2282
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mips.deb
Size/MD5 checksum: 153730 99f3ae59636a44dd39085714415b07aa
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mips.deb
Size/MD5 checksum: 93490 5b84b97cdca540b72f6c977867f948e4

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mipsel.deb
Size/MD5 checksum: 456600 06eeea77def3c5c963321e9c172c1549
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mipsel.deb
Size/MD5 checksum: 4458842 5b4bf525350a429124986d896e2c0577
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mipsel.deb
Size/MD5 checksum: 153758 b7eb9c0e3fba302bfceb98fdebad2e69
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mipsel.deb
Size/MD5 checksum: 93436 a71148d1be63d63bfbad7ddea8987170

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_powerpc.deb
Size/MD5 checksum: 454474 48e260c08135b4bfaf040332fa6165d6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_powerpc.deb
Size/MD5 checksum: 5069306 cada16e51ac36beb419c5a9e5244fc77
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_powerpc.deb
Size/MD5 checksum: 153766 8ddad2121b0db827060d2886efecbf3d
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_powerpc.deb
Size/MD5 checksum: 93322 043923838d836bd067659bf7533bc157

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_s390.deb
Size/MD5 checksum: 478686 c9097866661b177049a51c22878497ad
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_s390.deb
Size/MD5 checksum: 5620462 e05dcbf9b772756cb6dcffa55ef3da3a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_s390.deb
Size/MD5 checksum: 153734 e48d9671680e76186be783ee97228b2e
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_s390.deb
Size/MD5 checksum: 98812 eddb2492f9e0d9996920c7b81656e986

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_sparc.deb
Size/MD5 checksum: 463952 1ad7f54137bba08dc313ca4c967c0460
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_sparc.deb
Size/MD5 checksum: 5127628 771302e93a266684523a2ea4d01fa949
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_sparc.deb
Size/MD5 checksum: 153756 2ef798897bdea7c31ce6ef4c13b6cff3
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_sparc.deb
Size/MD5 checksum: 92690 27a7dbe545e8b3a4e6e749963f58ccb5


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDSQB2W5ql+IAeqTIRAn3qAJwI0wZZscRlRUBiNUd6LByRNmw8cACfRDYm
Xg9np2L5BHE3OgKFJctL4RE=
=u13C
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_853_1_new_ethereal_packages_fix_several_vulnerabilities.html)