Format: 1.7
Date: Mon, 24 Mar 2008 03:21:13 +0100
Source: wireshark
Binary: wireshark ethereal-dev wireshark-common tshark wireshark-dev ethereal ethereal-common tethereal
Architecture: amd64
Version: 0.99.6rel-3ubuntu0.2
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon <buildd@yellow.buildd>
Changed-By: Emanuele Gentili <emgent@emanuele-gentili.com>
Description: 
 ethereal   - dummy upgrade package for ethereal -> wireshark
 ethereal-common - dummy upgrade package for ethereal -> wireshark
 ethereal-dev - dummy upgrade package for ethereal -> wireshark
 tethereal  - dummy upgrade package for ethereal -> wireshark
 tshark     - network traffic analyzer (console)
 wireshark  - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Launchpad-Bugs-Fixed: 172283
Changes: 
 wireshark (0.99.6rel-3ubuntu0.2) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #172283)
    + CVE-2007-6438
     - Vulnerability in the SMB dissector in Wireshark 0.99.6 allows remote
       attackers to cause a denial of service via unknown vectors.
    + CVE-2007-6539
     - Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause
       a denial of service (infinite or large loop) via the (1) IPv6 or (2)
       USB dissector, which can trigger resource consumption or a crash.
    + CVE-2007-6441
     - The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows
       remote attackers to cause a denial of service (crash) via unknown
       vectors related to "unaligned access on some platforms."
    + CVE-2007-6450
     - The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6
       allows remote attackers to cause a denial of service (infinite loop)
       via unknown vectors.
    + CVE-2007-6451
     - vulnerability in the CIP dissector in Wireshark (formerly Ethereal)
       0.9.14 to 0.99.6 allows remote attackers to cause a denial of service
       (crash) via unknown vectors that trigger allocation of large amounts
       of memory.
    + CVE-2008-1070
     - The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through
       0.99.7 allows remote attackers to cause a denial of service (crash)
       via a malformed packet.
    + CVE-2008-1071
     - The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through
       0.99.7 allows remote attackers to cause a denial of service (crash)
       via a malformed packet. (not vulnerable in Gutsy)
    + CVE-2008-1072
     - The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through
       0.99.7, when running on Ubuntu 7.10, allows remote attackers to caus
       e a denial of service (crash or memory consumption) via a malformed
       packet, possibly related to a Cairo library bug.
 .
    + debian/patches/13_CVE-2007-6438.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-smb.c?r1=23412&r2=23593&pathrev=23593
    + debian/patches/13_CVE-2007-6439.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-ipv6.c?r1=23412&r2=23593&pathrev=23593
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-usb.c?r1=23412&r2=23593&pathrev=23593
    + debian/patches/13_CVE-2007-6441.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/plugins/
       wimax/wimax_bits.h?r1=23412&r2=23787&pathrev=23555
    + debian/patches/13_CVE-2007-6450.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-rpl.c?r1=23412&r2=23687&pathrev=23687
    + debian/patches/13_CVE-2007-6451.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-cip.c?r1=23412&r2=12070&pathrev=12070
    + debian/patches/14_CVE-2008-1070.dpatch
     - Applied patch by upastream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-sctp.c?r1=24295&r2=24471&pathrev=24563
    + debian/patches/14_CVE-2008-1072.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-tftp.c?r1=23412&r2=23962&pathrev=23962
 .
   * References
    + http://www.wireshark.org/security/wnpa-sec-2007-03.html
     - CVE-2007-6438
     - CVE-2007-6439
     - CVE-2007-6441
     - CVE-2007-6450
     - CVE-2007-6451
    + http://www.wireshark.org/security/wnpa-sec-2008-01.html
     - CVE-2008-1070
     - CVE-2008-1071 (not vulnerable in gutsy and not patched.)
     - CVE-2008-1072
Files: 
 3baa2892664424605480eafb09bba70e 10162210 net optional wireshark-common_0.99.6rel-3ubuntu0.2_amd64.deb
 1764997f0247c3f5e2b83131274a25b4 624606 net optional wireshark_0.99.6rel-3ubuntu0.2_amd64.deb
 90a351ca3014118461728a4ce591393c 118930 net optional tshark_0.99.6rel-3ubuntu0.2_amd64.deb
 d66a576aca7ef3cb3dcc7e6332ae7156 554822 devel optional wireshark-dev_0.99.6rel-3ubuntu0.2_amd64.deb
 d5b9a6e60df1e88e1b91741998439de3 24840 net optional ethereal-common_0.99.6rel-3ubuntu0.2_amd64.deb
 4edc3bc157eed23e058970df5b479129 24492 devel optional ethereal-dev_0.99.6rel-3ubuntu0.2_amd64.deb
 8294fa6d8f611e7a2cc620498dd9e269 24480 net optional ethereal_0.99.6rel-3ubuntu0.2_amd64.deb
 48428bcb0398126892cd88719fc52c35 24488 net optional tethereal_0.99.6rel-3ubuntu0.2_amd64.deb
Original-Maintainer: Frederic Peters <fpeters@debian.org>