wireshark 1.0.0-1ubuntu0.2 source package in Ubuntu

Changelog

wireshark (1.0.0-1ubuntu0.2) hardy-security; urgency=low

   * SECURITY UPDATE: packet-usb.c in the USB dissector in Wireshark 0.99.7
    through 1.0.3 allows remote attackers to cause a denial of service
    (application crash or abort) via a malformed USB Request Block (URB).
    (LP #290716)
    - debian/patches/30_CVE-2008-4680.dpatch - Properly initialise
      data structures in packet-usb.c - Gerald Combs.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26333
    - CVE-2008-4680
  * SECURITY UPDATE: Unspecified vulnerability in the Bluetooth RFCOMM
    dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers
    to cause a denial of service (application crash or abort) via unknown
    packets. (LP #290716)
    - debian/patches/31_CVE-2008-4681.dpatch - Properly initialise
      data structures in btrfcomm.c - Gerald Combs.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26333
    - CVE-2008-4681
  * SECURITY UPDATE: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote
    attackers to cause a denial of service (application abort) via a
    malformed Tamos CommView capture file (aka .ncf file) with an
    "unknown/unexpected packet type" that triggers a failed assertion.
    (LP #290716)
    - debian/patches/32_CVE-2008-4682.dpatch - Return an error if it
      finds an unknown/unexpected packet type - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26327
    - CVE-2008-4682
  * SECURITY UPDATE: The dissect_btacl function in packet-bthci_acl.c in the
    Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote
    attackers to cause a denial of service (application crash or abort) via
    a packet with an invalid length, related to an erroneous tvb_memcpy call.
    (LP #290716)
    - debian/patches/33_CVE-2008-4683.dpatch - buffer check to prevent
      overflow - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25195
    - Included patch not listed by CVE to prevent memory overflow in
      bluetooth dissector - Jeff Morris.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25196
    - CVE-2008-4683
  * SECURITY UPDATE: packet-frame in Wireshark 0.99.2 through 1.0.3 does not
    properly handle exceptions thrown by post dissectors, which allows
    remote attackers to cause a denial of service (application crash) via
    a certain series of packets, as demonstrated by enabling the (1) PRP
    or (2) MATE post dissector. (LP #290716)
    - debian/patches/34_CVE-2008-4684.dpatch - Catch errors given
      post dissectors - Jeff Morris, wmeier
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 25339, 25342, 25344
    - CVE-2008-4684
  * SECURITY UPDATE: Use-after-free vulnerability in the dissect_q931_cause_ie
    function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through
    1.0.3 allows remote attackers to cause a denial of service (application crash
    or abort) via certain packets that trigger an exception. (LP #290716)
    - debian/patches/35_CVE-2008-4685.dpatch - Wrap dissect_q931_cause_ie() in
      which clears the have_valid_q931_pi semaphore - Jaap Keuter.
    - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
    - Revision: 26190
    - CVE-2008-4685

 -- Stefan Lesicnik <email address hidden>   Thu, 30 Oct 2008 13:17:54 +0200

Upload details

Uploaded by:
Stefan Lesicnik on 2009-01-08
Sponsored by:
Kees Cook
Uploaded to:
Hardy
Original maintainer:
MOTU
Component:
main
Architectures:
any
Section:
net
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
wireshark_1.0.0.orig.tar.gz 16.2 MiB f3f3d2211fe8b1f4358cd9250d99abe8
wireshark_1.0.0-1ubuntu0.2.diff.gz 50.4 KiB 1ff7137c2da5f793167b5e3074ad0848
wireshark_1.0.0-1ubuntu0.2.dsc 1.2 KiB 0e355b3eac89f3ffc9344efd4ef1dbc0

View changes file

Binary packages built by this source

ethereal: No summary available for ethereal in ubuntu hardy.

No description available for ethereal in ubuntu hardy.

ethereal-common: No summary available for ethereal-common in ubuntu hardy.

No description available for ethereal-common in ubuntu hardy.

ethereal-dev: No summary available for ethereal-dev in ubuntu hardy.

No description available for ethereal-dev in ubuntu hardy.

tethereal: No summary available for tethereal in ubuntu hardy.

No description available for tethereal in ubuntu hardy.

tshark: No summary available for tshark in ubuntu hardy.

No description available for tshark in ubuntu hardy.

wireshark: No summary available for wireshark in ubuntu hardy.

No description available for wireshark in ubuntu hardy.

wireshark-common: No summary available for wireshark-common in ubuntu hardy.

No description available for wireshark-common in ubuntu hardy.

wireshark-dev: No summary available for wireshark-dev in ubuntu hardy.

No description available for wireshark-dev in ubuntu hardy.