Debian Security Advisory

DSA-1942-1 wireshark -- several vulnerabilities

Date reported:
29 Nov 2009
Affected packages:
wireshark
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2009-1268, CVE-2008-1829, CVE-2009-2560, CVE-2009-2562, CVE-2009-3241, CVE-2009-3550, CVE-2009-3829.
More information:

Several remotely exploitable vulnerabilities have been discovered in Wireshark, a network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project has identified the following problems:

  • CVE-2009-2560

    A NULL pointer dereference was found in the RADIUS dissector.

  • CVE-2009-3550

    A NULL pointer dereference was found in the DCERPC/NT dissector.

  • CVE-2009-3829

    An integer overflow was discovered in the ERF parser.

This update also includes fixes for three minor issues (CVE-2008-1829, CVE-2009-2562, CVE-2009-3241) that were scheduled for inclusion in the next point update of the stable distribution. In addition, CVE-2009-1268 was fixed in etch. Since this security update was released before the point update, the fixes were included.

For the old stable distribution (etch), this problem has been fixed in version 0.99.4-5.etch.4.

For the stable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny7.

For the unstable distribution (sid), these problems have been fixed in version 1.2.3-1.

We recommend that you upgrade your Wireshark packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4.dsc
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7.diff.gz
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7.dsc
Alpha:
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_armel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_armel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_armel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_sparc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_sparc.deb

MD5 checksums of the listed files are available in the original advisory.