Рекомендация Debian по безопасности

DSA-1414-1 wireshark -- несколько уязвимостей

Дата сообщения:
27.11.2007
Затронутые пакеты:
wireshark
Уязвим:
Да
Ссылки на базы данных по безопасности:
В каталоге Mitre CVE: CVE-2007-6114, CVE-2007-6117, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121.
Более подробная информация:

В Wireshark, программе для анализа сетевого трафика, было обнаружено несколько удалённых уязвимостей, которые могут приводить к отказу в обслуживании или выполнению произвольного кода. Проект Common Vulnerabilities and Exposures определяет следующие проблемы:

  • CVE-2007-6114

    Штефан Эссер обнаружил переполнение буфера в диссекторе SSL. Fabiodds обнаружил переполнение буфера в диссекторе трассировки iSeries.

  • CVE-2007-6117

    В диссекторе HTTP была обнаружена ошибка программирования, которая может приводить к отказу в обслуживании.

  • CVE-2007-6118

    Диссектор MEGACO может использоваться для истощения ресурсов.

  • CVE-2007-6120

    Диссектор Bluetooth SDP может использоваться для вызова бесконечного цикла.

  • CVE-2007-6121

    Диссектор RPC portmap может использоваться для разыменования NULL-указателя.

В предыдущем стабильном выпуске (sarge) эти проблемы были исправлены в версии 0.10.10-2sarge10. (В Sarge Wireshark имеет название Ethereal). Обновлённые пакеты для архитектур sparc и m68k будут предоставлены позже.

В стабильном выпуске (etch) эти проблемы были исправлены в версии 0.99.4-5.etch.1. Обновлённые пакеты для архтектуры sparc будут предоставлены позже.

Рекомендуется обновить пакеты wireshark/ethereal.

Исправлено в:

Debian GNU/Linux 3.1 (oldstable)

Исходный код:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.dsc
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.diff.gz
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_hppa.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_hppa.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_hppa.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_s390.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_s390.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_s390.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_s390.deb

Debian GNU/Linux 4.0 (etch)

Исходный код:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.dsc
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_alpha.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_amd64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_arm.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_hppa.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_i386.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_ia64.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mips.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mipsel.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_powerpc.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_s390.deb
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_s390.deb

Контрольные суммы MD5 этих файлов доступны в исходном сообщении.