Рекомендация Debian по безопасности

DSA-1983-1 wireshark -- несколько уязвимостей

Дата сообщения:

30.01.2010

Затронутые пакеты:

wireshark

Уязвим:

Да

Ссылки на базы данных по безопасности:

В каталоге Mitre CVE: CVE-2009-4377, CVE-2010-0304.

Более подробная информация:

В Wireshark, анализаторе сетевого трафика, было обнаружено несколько удалённых уязвимостей, которые могут приводить к выполнению произвольного кода или отказу в обслуживании. Проект Common Vulnerabilities and Exposures определяет следующие проблемы:

CVE-2009-4377
Было обнаружено разыменование NULL-указателя в диссекторах SMB/SMB2.
CVE-2010-0304
Несколько переполнений буфера было обнаружено в диссекторе LWRES.

В стабильном выпуске (lenny) эти проблемы были исправлены в версии 1.0.2-3+lenny8.

В нестабильном выпуске (sid) эти проблемы были исправлены в версии 1.2.6-1.

Рекомендуется обновить пакеты Wireshark.

Исправлено в:

Debian GNU/Linux 5.0 (lenny)

Исходный код:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.dsc; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.diff.gz
Alpha:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_arm.deb
ARM EABI:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_armel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_armel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_armel.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_armel.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_s390.deb

Контрольные суммы MD5 этих файлов доступны в исходном сообщении.