Timo Sirainen discovered several vulnerabilities in ethereal, a
network traffic analyzer. These include one-byte buffer overflows in
the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,
SMPP, and TSP dissectors, and integer overflows in the Mount and PPP
dissectors.
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 313-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ethereal
Vulnerability : buffer overflows, integer overflows
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0356 CAN-2003-0357
Timo Sirainen discovered several vulnerabilities in ethereal, a
network traffic analyzer. These include one-byte buffer overflows in
the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,
SMPP, and TSP dissectors, and integer overflows in the Mount and PPP
dissectors.
For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody4.
The old stable distribution (potato) does not appear to contain these
vulnerabilities.
For the unstable distribution (sid) these problems are fixed in version
0.9.12-1.
We recommend that you update your ethereal package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc
Size/MD5 checksum: 679 a6456b3e20f44a3f53256bf722c010cd
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz
Size/MD5 checksum: 31800 160670a883256ee0d40066424ffc527a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea
Alpha architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 1939098 67c1fd2e2851976aef3db87a2d128484
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 333810 c239ee7f87136dd0d7750996a702b387
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 221594 9b6bad1bd7d23ec7c54c40ec336e5edd
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
Size/MD5 checksum: 1706008 5ac67ca2d0530676c41563dae337a0e4
ARM architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 1633108 73c97178ef157e709fcc36753a1ea85c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 296662 0a9bec8514d203e90c712b12ef19de25
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 205452 9641c7fa333a0ce2f33bf38a78640351
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
Size/MD5 checksum: 1437636 4286845b2a848f4d293c1be807d62446
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 1511802 4e554f6ef3da40ac3215099141e7c10b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 285948 df25b50bfa385f84b091227df926bc0f
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 197860 6eb91acb63bd5e3938cdb186b507dd38
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
Size/MD5 checksum: 1324426 96887c970d1725be47988c498708762f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 2148676 f39ffacba60f1f2a132750d76cb972b7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 372650 866ee108f08e625d3981362726d9799a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 233180 e125fa9dc0e59d7d14d43505ffe05368
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
Size/MD5 checksum: 1858536 904fce57cb39662e9560f0143d326bb8
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 1802046 d5114f9632deea43ba5f99ff79a67db3
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 321802 33656ff4dbd495d3c8f1dc9ed6c798ff
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 216336 34bbb2832844a7bb83fcff37cae852c0
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
Size/MD5 checksum: 1574474 da9563f1c19e93d7f68caf369540af35
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 1422378 43efc6d431fc6d8c7587e18bd24fe8f2
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 282076 2d3fc00fe2260fb85062c0d8697f5a31
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 194600 ffe9f83876b5a9ac1c4527057e76f2a5
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
Size/MD5 checksum: 1246858 b9e8b7a88e11032e86697ca1570322f4
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 1615618 6075fa7c13fa8ca8f3dc7258be8352d7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 304780 9f9632fc4b81f7091a3d06821188f8d1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 213104 f006c9731d11e3a04dbeca5c3590a15f
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
Size/MD5 checksum: 1420708 45f88bb1c3af5021ecc06cce889cc752
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 1596150 3448b7e38f8cb465b10e24aff4cf0194
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 304294 eb86e3592b8d655e6365e3633784eed1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 212736 27602ffe5022eaa068cb72d2df940d13
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
Size/MD5 checksum: 1404954 3e5de4a79c1b139c3b2f0ae179469be7
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 1616730 f14611ce9d14d7dd4bdb68f944ff9d1b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 301440 2c0628a56ff3695877daf9f31dffc1ee
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 208310 fce4f437ba8aaf2e258eaf322de1d070
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
Size/MD5 checksum: 1417094 0d39172de87a53c1f048113606acaa01
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 1573090 d6aa9760cfcf8e50085fbad1ac1c519a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 300270 17aee5bcac8c012541f30dc6fb594563
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 203304 c6a7ea1eacb1d13748eaeeb54357b203
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
Size/MD5 checksum: 1385758 d529f4ca3dd4c9275947beb24b462057
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 1580628 d29f917e447c05e878dc0d5133a6253e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 317574 64bff1a09c7120f16d1ace0857b285d7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 204094 1af2856d9cb07f3fb680a6891217b4b7
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb
Size/MD5 checksum: 1387272 1b9ce45f55bdbf9ce990a058b0318c12
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+57olArxCt0PiXR4RApciAKCKYCIHXaMeXen3Aer2edrpxJHJXACgvDTr
o50U1eMRBRl7Nfw87WrAKIM=
=SAEp
-----END PGP SIGNATURE-----
|