Format: 1.7
Date: Thu, 29 Nov 2007 13:58:59 +0100
Source: wireshark
Binary: ethereal ethereal-common ethereal-dev tethereal tshark wireshark wireshark-common wireshark-dev
Architecture: amd64 i386 ia64 lpia powerpc source sparc
Version: 0.99.6rel-3ubuntu0.1
Distribution: gutsy-security
Urgency: low
Maintainer: Ubuntu MOTU Developers
Changed-By: Stephan Hermann
Description:
 ethereal   - dummy upgrade package for ethereal -> wireshark
 ethereal-common - dummy upgrade package for ethereal -> wireshark
 ethereal-dev - dummy upgrade package for ethereal -> wireshark
 tethereal  - dummy upgrade package for ethereal -> wireshark
 tshark     - network traffic analyzer (console)
 wireshark  - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Changes:
 wireshark (0.99.6rel-3ubuntu0.1) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #164501)
     + CVE-2007-6121: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows
       remote attackers to cause a denial of service (crash) via a malformed
       RPC Portmap packet.
     + CVE-2007-6120: The Bluetooth SDP dissector Wireshark (formerly
       Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial
       of service (infinite loop) via unknown vectors.
     + CVE-2007-6117: Unspecified vulnerability in the HTTP dissector for
       Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and
       remote attack vectors related to chunked messages.
     + CVE-2007-6114: Multiple buffer overflows in Wireshark (formerly
       Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a
       denial of service (crash) and possibly execute arbitrary code via
       (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace
       file parser.
     + CVE-2007-6113: Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows
       remote attackers to cause a denial of service (long loop) via a
       malformed DNP packet.
     + CVE-2007-6119: The DCP ETSI dissector in Wireshark (formerly Ethereal)
       0.99.6 allows remote attackers to cause a denial of service (long loop
       and resource consumption) via unknown vectors.
     + CVE-2007-6118: The MEGACO dissector in Wireshark (formerly Ethereal)
       0.9.14 to 0.99.6 allows remote attackers to cause a denial of service
       (long loop and resource consumption) via unknown vectors.
     + CVE-2007-6116: The Firebird/Interbase dissector in Wireshark (formerly
       Ethereal) 0.99.6 allows remote attackers to cause a denial of service
       (infinite loop or crash) via unknown vectors.
     + CVE-2007-6115: Buffer overflow in the ANSI MAP dissector for Wireshark
       (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified
       platforms, allows remote attackers to cause a denial of service and
       possibly execute arbitrary code via unknown vectors.
     + CVE-2007-6112: Buffer overflow in the PPP dissector Wireshark
       (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial
       of service (crash) and possibly execute arbitrary code via unknown
       vectors.
     + CVE-2007-6111: Multiple unspecified vulnerabilities in Wireshark
       (formerly Ethereal) allow remote attackers to cause a denial of
       service (crash) via (1) a crafted MP3 file or (2) unspecified vectors
       to the NCP dissector.
   * debian/patches/13_CVE-2007-6121.dpatch:
     - Applied patch by upstream
     - Link: http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1132
   * debian/patches/13_CVE-2007-6120.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-btsdp.c?r1=21431&r2=23496&view=patch
   * debian/patches/13_CVE-2007-6117.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-http.c?r1=22515&r2=23415&view=patch
   * debian/patches/13_CVE-2007-6114.dpatch:
     - Applied patch by upstream
     - Link 1: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ssl-utils.h?r1=21445&r2=22883&view=patch
     - Link 2: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ssl.c?r1=22625&r2=22883&view=patch
     - Link 3: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/wiretap/iseries.c?r1=23000&r2=23232&view=patch
   * debian/patches/13_CVE-2007-6113.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-dnp.c?r1=22764&r2=22811&view=patch
   * debian/patches/13_CVE-2007-6119.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-dcp-etsi.c?r1=22542&r2=23463&view=patch
   * debian/patches/13_CVE-2007-6118.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-megaco.c?r1=23150&r2=23449&view=patch
   * debian/patches/13_CVE-2007-6116.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-gdsdb.c?r1=23211&r2=23251&view=patch
   * debian/patches/13_CVE-2007-6115.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ansi_map.c?r1=22866&r2=22892&view=patch
   * debian/patches/13_CVE-2007-6112.dpatch:
     - Applied patch by upstream
     - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ppp.c?r1=23252&r2=23475&view=patch
   * debian/patches/13_CVE-2007-6111.dpatch:
     - Applied patch by upstream
     - Link 1: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/wiretap/mpeg.c?r1=21489&r2=22261
     - Link 2: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ncp.c?r1=21167&r2=23252&view=patch
   * debian/control:
     - Updated Maintainer field following Ubuntu Maintainer Policy
   * References:
     CVE-2007-6121 CVE-2007-6120 CVE-2007-6117 CVE-2007-6114 CVE-2007-6113
     CVE-2007-6119 CVE-2007-6118 CVE-2007-6116 CVE-2007-6115 CVE-2007-6112
     CVE-2007-6111
     http://www.wireshark.org/security/wnpa-sec-2007-03.html
Files:
Launchpad-Bugs-Fixed: 164501
Original-Maintainer: Frederic Peters