-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1785-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff May 01, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : wireshark Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1210 A format string vulnerability was discovered in the PROFINET dissector. CVE-2009-1268 The dissector for the Check Point High-Availability Protocol could be forced to crash. CVE-2009-1269 Malformed Tektronix files could lead to a crash. The old stable distribution (etch), is only affected by the CPHAP crash, which doesn't warrant an update on its own. The fix will be queued up for an upcoming security update or a point release. For the stable distribution (lenny), these problems have been fixed in version 1.0.2-3+lenny5. For the unstable distribution (sid), these problems have been fixed in version 1.0.7-1. We recommend that you upgrade your wireshark packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.dsc Size/MD5 checksum: 1501 b3a17f219c87c961b35ecd42649f3162 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.diff.gz Size/MD5 checksum: 101699 5f1e2ad455d391b99f1b0e10fdb01606 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 730878 815eea657d82ccaa5b63eaf6c3c7f381 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 12100214 905b9c09b3fbc882febb0af6b4cef5f6 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 126580 03d8a47ed6c6d1ab7fccdc22efa667cd http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 569476 b0c251c829c5fcb415e833c9c334cd35 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 11872180 92384dd416ac63a999d10a3c697691c9 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 118488 45dc2934cf797bdc24044a2e2f9be9a4 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 659500 965baca8e755bcb11f130009ef9bc12b http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 583274 da0fbbd79779d6ae19e51fc546c9bfb7 arm architecture (ARM) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 613798 e87592377139dcd68a5b3fac67e6bb16 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 584000 6c67088dacf4720a066c6db5ebc93337 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 10216512 f21e8b719dfc980eb7ae7034039c432a http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 110818 b681333b90dcbbd680dab5052671e337 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 10216300 91560627d9f15c59ade557986abd3519 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 113278 0b36066d921e43404a4c85d7cc2493c1 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 619654 8f9955bdf98a19e9b54b4ad819cd74fb http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 584548 b9808f1e00c34bb49aea790b48061fa0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 695086 f36bf0d98055841819b9b3839a0a8189 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 120288 da6829be3a76a54851795cf49f58d473 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 13276580 64a7a853d096e0fc99db298fbe98f460 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 582556 93d52e72ab8733c53c28c1e66cab8a73 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 582848 ea57fc7c03a29c4ebe03c96b5ffbca56 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 619190 a210bbe83969b492ee6da0798909c3fa http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 10113510 dd3c1129fe3e1350398ca5ea65a89178 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 111286 bedb1816542ca9319a16561f64d627b6 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 929950 9c31e886abb0cfbf52ea0da1f4ccad74 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 153672 02170cb1a0172a3bdb7a29a2ed9b7f12 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 569466 a9d0e6d240d29db562599b8cb63750d9 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 13690454 3056b0146c50963786406c0048642a22 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 112952 6e67c164403df894d25863603bf20f43 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 10429740 6553d71d68e52731241f0dc83b02329b http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 636716 78dd552e011d08b3ad684139d55661f3 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 569484 dac116cfa7eb3a4ade558cea06d465e5 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 112968 47f018f83a7e926f4d9e90a6be20c170 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 626732 c2908d4143379549d038e848adb4200e http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 9730716 8cdb40dc02035f5ab45788c0c0d8fb5e http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 569470 ef6483a532821c6db028ded13b68c2ce powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 122156 36b42babe8468b5b44c98e6b85d71b5c http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 569464 9c258ed03004a9a8c213b46f44bd839c http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 11230120 b9c17ad442834c8a0e26c24a00ce625b http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 677260 bc4776cfddd139098d8797105707567a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 670908 1e51b5daf82994c7f9bc438d6cf02929 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 12490148 40a312a358fd3201036e178906686473 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 569470 47e7d1cc5dd3e7ae69d23cb7150388f7 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 121696 9ee1d87e7fe84000291e6eafa3c479c8 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 11289992 aab8af6c486ce6415eb4bd4555b25618 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 629260 07202801496e99004a92a618dc8c26ea http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 113246 e91ee3ba76dc7e9343251b651a9d24d0 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 569496 aa9859ef128ec7afddb566b2f84d9888 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkn7CvoACgkQXm3vHE4uylqSFACfYtIe3PKYFlZNfGodxD0gg4XP KfcAoOVGWWbg20c+SSn8ltZP+wCsLzrr =MC0u -----END PGP SIGNATURE-----