Debian セキュリティ勧告

DSA-1673-1 wireshark -- 複数の脆弱性

報告日時:

2008-11-29

影響を受けるパッケージ:

危険性:

あり

参考セキュリティデータベース:

Mitre の CVE 辞書: CVE-2008-3137, CVE-2008-3138, CVE-2008-3141, CVE-2008-3145, CVE-2008-3933, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685.

詳細:

ネットワークトラフィックアナライザ wireshark に、リモートから攻撃可能な複数の問題が発見されました。The Common Vulnerabilities and Exposures project は以下の問題を認識しています。

CVE-2008-3137
GSM SMS ディスセクタにサービス拒否攻撃脆弱性が発見されました。
CVE-2008-3138
PANA および KISMET ディスセクタにサービス拒否攻撃脆弱性が発見されました。
CVE-2008-3141
RMI ディスセクタがシステムメモリの内容を漏洩します。
CVE-2008-3145
パケット再アセンブルモジュールにサービス拒否攻撃脆弱性が発見されました。
CVE-2008-3933
zlib 伸張モジュールにサービス拒否攻撃脆弱性が発見されました。
CVE-2008-4683
Bluetooth ACL ディスセクタにサービス拒否攻撃脆弱性が発見されました。
CVE-2008-4684
PRP および MATE ディスセクタにサービス拒否攻撃脆弱性が発見されました。
CVE-2008-4685
Q931 ディスセクタにサービス拒否攻撃脆弱性が発見されました。

安定版 (stable) ディストリビューション (etch) では、これらの問題はバージョン 0.99.4-5.etch.3 で修正されています。

次期安定版 (lenny) ディストリビューションでは、これらの問題はバージョン 1.0.2-3+lenny2 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、この問題は近く修正予定です。

直ぐに wireshark パッケージをアップグレードすることを勧めます。

修正:

Debian GNU/Linux 4.0 (etch)

ソース:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.dsc; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.diff.gz
Alpha:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_sparc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_sparc.deb

一覧にあるファイルの MD5 チェックサムは勧告の原文にあります。