Debian 9858 Published by

The following updates has been released for Debian:

[DLA 58-2] apt regression fix
[DSA 3049-1] wireshark security update



[DLA 58-2] apt regression fix

Package : apt
Version : 0.8.10.3+squeeze6
CVE ID : CVE-2014-6273

This update fixes a regression introduced in 0.8.10.3+squeeze5 where
apt would send invalid HTTP requests when sending If-Range queries.

Thanks to Steven McDonald who reported[1] the regression and to Michael
Vogt for having uploaded a fixed package.

[1] https://lists.debian.org/debian-lts/2014/10/msg00023.html
[2] https://tracker.debian.org/news/577677

[DSA 3049-1] wireshark security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3049-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427
CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431
CVE-2014-6432

Multiple vulnerabilities were discovered in the dissectors/parsers for
RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial
of service.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.2-5wheezy12.

For the testing distribution (jessie), these problems have been fixed in
version 1.12.1+g01b65bf-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.12.1+g01b65bf-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/