Debian-Sicherheitsankündigung

DSA-1049-1 ethereal -- Mehrere Verwundbarkeiten

Datum des Berichts:

02. Mai 2006

Betroffene Pakete:

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 17682.
In Mitres CVE-Verzeichnis: CVE-2006-1932, CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940.

Weitere Informationen:

Gerald Combs berichtete über mehrere Verwundbarkeiten in ethereal, einem populärem Analyseprogramm für Netzwerkverkehr. Das Common Vulnerabilities and Exposures Project identifiziert die folgenden Probleme:

CVE-2006-1932
Die OID-Druckroutine ist anfällig gegenüber einem Off-By-One-Fehler.
CVE-2006-1933
Die UMA- und BER-Zerteiler könnten in eine unendliche Schliefe geraten.
CVE-2006-1934
Der Dateicode für Network Instruments könnte einen Puffer überlaufen lassen.
CVE-2006-1935
Der COPS-Zerteiler weist einen potenziellen Pufferüberlauf auf.
CVE-2006-1936
Der telnet-Zerteiler weist einen Pufferüberlauf auf.
CVE-2006-1937
Fehler in den SRVLOC- und AIM-Zerteiler und im Statistik-Zähler könnten ethereal abstürzen lassen.
CVE-2006-1938
Null-Pointer-Dereferenzierungen im SMB-PIPE-Zerteiler und beim Lesen eines fehlgeformten Sniffer-Protokolls könnten ethereal abstürzen lassen.
CVE-2006-1939
Null-Pointer-Dereferenzierungen in den ASN.1-, GSM-SMS-, RPC- und ASN.1-basierten Zerteilern und ein ungültiger Anzeigefilter könnten ethereal abstürzen lassen.
CVE-2006-1940
Der SNDCP-Zerteiler könnte einen nicht beabsichtigten Programmabbruch auslösen.

Für die alte Stable-Distribution (Woody) wurden diese Probleme in Version 0.9.4-1woody15 behoben.

Für die Stable-Distribution (Sarge) wurden diese Probleme in Version 0.10.10-2sarge5 behoben.

Für die Unstable-Distribution (Sid) werden diese Probleme bald behoben sein.

Wir empfehlen Ihnen, Ihre ethereal-Pakete zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.dsc; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.diff.gz; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Quellcode:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.dsc; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.diff.gz; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_amd64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_amd64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_amd64.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.