Well, this is only one of them.
Here is the complete list with fixes. I'm preparing some debdiffs from dapper
to feisty. gutsy is clean.
* SECURITY UPDATE: wireshark has several vulnerabilities:
+ CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service (crash) via a crafted chunked encoding in an HTTP
response, possibly related to a zero-length payload.
+ CVE-2007-3390: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running
on certain systems, allows remote attackers to cause a denial of service
(crash) via crafted iSeries capture files that trigger a SIGTRAP.
+ CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service via malformed (1) SSL or (2) MMS packets that trigger
an infinite loop.
+ CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark
before 0.99.6 allows remote attackers to cause a denial of service
(crash) via crafted DHCP-over-DOCSIS packets.
* debian/patches/12_secu_0.99.6_r21034.dpatch:
- applied patch from upstream
(Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-http.c?view=log&pathrev=21034)
* debian/patches/12_secu_0.99.6_r20990.dpatch:
- applied patch from upstream
(Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/wiretap/iseries.c?r1=19814&r2=20990&pathrev=20990)
* debian/patches/12_secu_0.99.6_r21392.dpatch, 12_secu_0.99.6_r21665.dpatch:
- applied patches from upstream
(Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ssl.c?r1=21650&r2=21665&pathrev=21665&view=patch)
(Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-mms.c?r1=21088&r2=21392&pathrev=21392&view=patch)
* debian/patches/12_secu_0.99.6_r21947.dpatch:
- applied patch from upstream
(Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-bootp.c?r1=21924&r2=21947&pathrev=21947&view=patch)
* References:
CVE-2007-3389
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394
CVE-2007-3390
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415
CVE-2007-3392
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582
CVE-2007-3393
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3389
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3390
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3392
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3393
** Changed in: wireshark (Ubuntu)
Assignee: (unassigned) => Stephan Hermann (shermann)
Status: New => In Progress
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915