Debian Security Advisory
DSA-1673-1 wireshark -- several vulnerabilities
- Date Reported: 29 Nov 2008
- Affected Packages: wireshark
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2008-3137, CVE-2008-3138, CVE-2008-3141, CVE-2008-3145, CVE-2008-3933, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685.
- More information:
Several remote vulnerabilities have been discovered in the network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2008-3137: The GSM SMS dissector is vulnerable to denial of service.
- CVE-2008-3138: The PANA and KISMET dissectors are vulnerable to denial of service.
- CVE-2008-3141: The RMI dissector could disclose system memory.
- CVE-2008-3145: The packet reassembling module is vulnerable to denial of service.
- CVE-2008-3933: The zlib uncompression module is vulnerable to denial of service.
- CVE-2008-4683: The Bluetooth ACL dissector is vulnerable to denial of service.
- CVE-2008-4684: The PRP and MATE dissectors are vulnerable to denial of service.
- CVE-2008-4685: The Q931 dissector is vulnerable to denial of service.
For the stable distribution (etch), these problems have been fixed in version 0.99.4-5.etch.3.
For the upcoming stable distribution (lenny), these problems have been fixed in version 1.0.2-3+lenny2.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your wireshark packages.
Fixed in: Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.dsc
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_alpha.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_amd64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_arm.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_hppa.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_i386.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_ia64.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mips.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mipsel.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_powerpc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_s390.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_sparc.deb
- http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_sparc.deb
MD5 checksums of the listed files are available in the original advisory.