Format: 1.7
Date: Mon, 24 Mar 2008 03:21:13 +0100
Source: wireshark
Binary: wireshark ethereal-dev wireshark-common tshark wireshark-dev ethereal ethereal-common tethereal
Architecture: i386
Version: 0.99.6rel-3ubuntu0.2
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon <buildd@palmer.buildd>
Changed-By: Emanuele Gentili <emgent@emanuele-gentili.com>
Description: 
 ethereal   - dummy upgrade package for ethereal -> wireshark
 ethereal-common - dummy upgrade package for ethereal -> wireshark
 ethereal-dev - dummy upgrade package for ethereal -> wireshark
 tethereal  - dummy upgrade package for ethereal -> wireshark
 tshark     - network traffic analyzer (console)
 wireshark  - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Launchpad-Bugs-Fixed: 172283
Changes: 
 wireshark (0.99.6rel-3ubuntu0.2) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #172283)
    + CVE-2007-6438
     - Vulnerability in the SMB dissector in Wireshark 0.99.6 allows remote
       attackers to cause a denial of service via unknown vectors.
    + CVE-2007-6539
     - Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause
       a denial of service (infinite or large loop) via the (1) IPv6 or (2)
       USB dissector, which can trigger resource consumption or a crash.
    + CVE-2007-6441
     - The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows
       remote attackers to cause a denial of service (crash) via unknown
       vectors related to "unaligned access on some platforms."
    + CVE-2007-6450
     - The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6
       allows remote attackers to cause a denial of service (infinite loop)
       via unknown vectors.
    + CVE-2007-6451
     - vulnerability in the CIP dissector in Wireshark (formerly Ethereal)
       0.9.14 to 0.99.6 allows remote attackers to cause a denial of service
       (crash) via unknown vectors that trigger allocation of large amounts
       of memory.
    + CVE-2008-1070
     - The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through
       0.99.7 allows remote attackers to cause a denial of service (crash)
       via a malformed packet.
    + CVE-2008-1071
     - The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through
       0.99.7 allows remote attackers to cause a denial of service (crash)
       via a malformed packet. (not vulnerable in Gutsy)
    + CVE-2008-1072
     - The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through
       0.99.7, when running on Ubuntu 7.10, allows remote attackers to caus
       e a denial of service (crash or memory consumption) via a malformed
       packet, possibly related to a Cairo library bug.
 .
    + debian/patches/13_CVE-2007-6438.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-smb.c?r1=23412&r2=23593&pathrev=23593
    + debian/patches/13_CVE-2007-6439.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-ipv6.c?r1=23412&r2=23593&pathrev=23593
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-usb.c?r1=23412&r2=23593&pathrev=23593
    + debian/patches/13_CVE-2007-6441.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/plugins/
       wimax/wimax_bits.h?r1=23412&r2=23787&pathrev=23555
    + debian/patches/13_CVE-2007-6450.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-rpl.c?r1=23412&r2=23687&pathrev=23687
    + debian/patches/13_CVE-2007-6451.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-cip.c?r1=23412&r2=12070&pathrev=12070
    + debian/patches/14_CVE-2008-1070.dpatch
     - Applied patch by upastream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-sctp.c?r1=24295&r2=24471&pathrev=24563
    + debian/patches/14_CVE-2008-1072.dpatch
     - Applied patch by upstream
     - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
       dissectors/packet-tftp.c?r1=23412&r2=23962&pathrev=23962
 .
   * References
    + http://www.wireshark.org/security/wnpa-sec-2007-03.html
     - CVE-2007-6438
     - CVE-2007-6439
     - CVE-2007-6441
     - CVE-2007-6450
     - CVE-2007-6451
    + http://www.wireshark.org/security/wnpa-sec-2008-01.html
     - CVE-2008-1070
     - CVE-2008-1071 (not vulnerable in gutsy and not patched.)
     - CVE-2008-1072
Files: 
 c57ae0ede565258aa236fe9a9d5cbeb4 8650658 net optional wireshark-common_0.99.6rel-3ubuntu0.2_i386.deb
 8454f2c9355094d8514e0006a10df440 590432 net optional wireshark_0.99.6rel-3ubuntu0.2_i386.deb
 e20a4ff9463dab56bec06f5aa787782e 111460 net optional tshark_0.99.6rel-3ubuntu0.2_i386.deb
 7e8a61b875182cc2604d6fa2c015eaf7 554810 devel optional wireshark-dev_0.99.6rel-3ubuntu0.2_i386.deb
 e50aa02701a4ba53fc52f1008042b89b 24840 net optional ethereal-common_0.99.6rel-3ubuntu0.2_i386.deb
 fe0b9a53dca231a95312b2526691376b 24496 devel optional ethereal-dev_0.99.6rel-3ubuntu0.2_i386.deb
 9c64cf0f49664176e784a91b517dc2b5 24480 net optional ethereal_0.99.6rel-3ubuntu0.2_i386.deb
 208e1136fb3fd2fb3d22ac4a51cfa9a3 24490 net optional tethereal_0.99.6rel-3ubuntu0.2_i386.deb
Original-Maintainer: Frederic Peters <fpeters@debian.org>