wireshark 1.0.0-1ubuntu0.2 source package in Ubuntu
Changelog
wireshark (1.0.0-1ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). (LP #290716)
    - debian/patches/30_CVE-2008-4680.dpatch
    - Properly initialise data structures in packet-usb.c - Gerald Combs.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26333
    - CVE-2008-4680
  * SECURITY UPDATE: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. (LP #290716)
    - debian/patches/31_CVE-2008-4681.dpatch
    - Properly initialise data structures in btrfcomm.c - Gerald Combs.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26333
    - CVE-2008-4681
  * SECURITY UPDATE: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. (LP #290716)
    - debian/patches/32_CVE-2008-4682.dpatch
    - Return an error if it finds an unknown/unexpected packet type - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26327
    - CVE-2008-4682
  * SECURITY UPDATE: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. (LP #290716)
    - debian/patches/33_CVE-2008-4683.dpatch
    - buffer check to prevent overflow - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25195
    - Included patch not listed by CVE to prevent memory overflow in bluetooth dissector - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25196
    - CVE-2008-4683
  * SECURITY UPDATE: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. (LP #290716)
    - debian/patches/34_CVE-2008-4684.dpatch
    - Catch errors given post dissectors - Jeff Morris, wmeier
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25339, 25342, 25344
    - CVE-2008-4684
  * SECURITY UPDATE: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. (LP #290716)
    - debian/patches/35_CVE-2008-4685.dpatch
    - Wrap dissect_q931_cause_ie() in which clears the have_valid_q931_pi semaphore - Jaap Keuter.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26190
    - CVE-2008-4685

 -- Stefan Lesicnik <email address hidden>  Thu, 30 Oct 2008 13:17:54 +0200
Upload details
- Uploaded by: Stefan Lesicnik
- Sponsored by: Kees Cook
- Uploaded to: Hardy
- Original maintainer: MOTU
- Architectures: any
- Section: net
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
wireshark_1.0.0.orig.tar.gz | 16.2 MiB | ded6535231919fba5cc3c674e0753612f544ca46281005453f03d131d0e795ca |
wireshark_1.0.0-1ubuntu0.2.diff.gz | 50.4 KiB | 547162cf867b9b5b17a6949b73a08b124c449f7ee12631c85c9d8b7f43059bcc |
wireshark_1.0.0-1ubuntu0.2.dsc | 1.2 KiB | d712a74f3e8a2f19fca4db57832455f6c2135798bdcd306477f593c9bb9725f7 |
Available diffs
- diff from 1.0.0-1ubuntu0.1 to 1.0.0-1ubuntu0.2 (291 bytes)
Binary packages built by this source
- ethereal
- ethereal-common
- ethereal-dev
- tethereal
- tshark
- wireshark
- wireshark-common
- wireshark-dev