Debian-Sicherheitsankündigung
DSA-1322-1 wireshark -- Mehrere Verwundbarkeiten
- Datum des Berichts:
- 27. Jun 2007
- Betroffene Pakete:
- wireshark
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In Mitres CVE-Verzeichnis: CVE-2007-3390, CVE-2007-3392, CVE-2007-3393.
- Weitere Informationen:
-
Mehrere entfernte Verwundbarkeiten wurden im Wireshark-Netzwerkaufkommenanalysierer gefunden, die zu einer Diensteverweigerung (
denial of service
) führen können. DasCommon Vulnerabilities and Exposures
-Projekt identifiziert die folgenden Probleme:- CVE-2007-3390
Um eines daneben
-Überläufe wurden im iSeries-Sezierer (dissector
) entdeckt. - CVE-2007-3392
Die MMS- und SSL-Sezierer können in eine unendliche Schleife gezwungen werden.
- CVE-2007-3393
Ein
Um eines daneben
-Überlauf wurden im DHCP/BOOTP-Sezierer entdeckt.
Die alte Stable-Distribution (Sarge) ist von diesen Problemen nicht betroffen. (In Sarge hieß Wireshark noch Ethereal).
Für die Stable-Distribution (Etch) wurden diese Probleme in Version 0.99.4-5.etch.0 behoben. Pakete für die Big-Endian-MIPS-Architektur sind noch nicht verfügbar. Sie werden später bereitgestellt.
Für die Unstable-Distribution (Sid) wurden diese Probleme in Version 0.99.6pre1-1 behoben.
Wir empfehlen Ihnen, Ihre Wireshark-Pakete zu aktualisieren.
- CVE-2007-3390
- Behoben in:
-
Debian GNU/Linux 4.0 (etch)
- Quellcode:
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.dsc
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.diff.gz
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_ia64.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.