wireshark (0.99.4-6ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: wireshark has several vulnerabilities:
(LP: #132915)
+ CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service (crash) via a crafted chunked encoding in an HTTP
response, possibly related to a zero-length payload.
+ CVE-2007-3390: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running
on certain systems, allows remote attackers to cause a denial of service
(crash) via crafted iSeries capture files that trigger a SIGTRAP.
+ CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service via malformed (1) SSL or (2) MMS packets that trigger
an
infinite loop.
+ CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark
before 0.99.6 allows remote attackers to cause a denial of service
(crash) via
crafted DHCP-over-DOCSIS packets.
+ CVE-2007-4721: Integer signedness error in the DNP3 dissector in
Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a certain DNP3 packet.
* debian/patches/12_secu_0.99.6_r21034.dpatch:
- applied patch from upstream
(Link:
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-http.c?view=log&pathrev=21034)
* debian/patches/12_secu_0.99.6_r20990.dpatch:
- applied patch from upstream
(Link:
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/wiretap/iseries.c?r1=19814&r2=20990&pathrev=20990)
* debian/patches/12_secu_0.99.6_r21392.dpatch ,
12_secu_0.99.6_r21665.dpatch:
- applied patches from upstream
(Link:
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ssl.c?r1=21650&r2=21665&pathrev=21665&view=patch)
(Link:
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-mms.c?r1=21088&r2=21392&pathrev=21392&view=patch)
* debian/patches/12_secu_0.99.6_r21947.dpatch:
- applied patch from upstream
(Link:
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-bootp.c?r1=21924&r2=21947&pathrev=21947&view=patch)
* debian/patches/13_CVE-2007-4721.dpatch:
- Applied patch according to the explanation on bugtraq.
(Link: http://archives.neohapsis.com/archives/bugtraq/2007-09/0030.html)
* References:
CVE-2007-3389
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394
CVE-2007-3390
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415
CVE-2007-3392
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582
CVE-2007-3393
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416
CVE-2007-4721
http://archives.neohapsis.com/archives/bugtraq/2007-09/0030.html
-- Stephan Hermann <[EMAIL PROTECTED]> Thu, 15 Nov 2007 20:45:17 +0100
** Changed in: wireshark (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
