** Description changed:

  Binary package hint: wireshark

  Wireshark 1.0 has been released on March 31, 2008.

  Changelog: http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html

+ wireshark (1.0.0-1) unstable; urgency=low
+
+   * Several security issues were solved in 0.99.7 already:
+     (closes: #452381)
+     * allow remote attackers to cause a denial of service (crash) via (1) a
+       crafted MP3 file or (2) unspecified vectors to the NCP dissector
+       (CVE-2007-6111)
+     * Buffer overflow in the PPP dissector Wireshark (formerly Ethereal)
+       0.99.6 allows remote attackers to cause a denial of service (crash)
+       and possibly execute arbitrary code via unknown vectors.
+       (CVE-2007-6112)
+     * Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote
+       attackers to cause a denial of service (long loop) via a malformed DNP
+       packet (CVE-2007-6113)
+     * Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0
+       through 0.99.6 allow remote attackers to cause a denial of service
+       (crash) and possibly execute arbitrary code via (1) the SSL dissector
+       or (2) the iSeries (OS/400) Communication trace file parser
+       (CVE-2007-6114)
+     * Buffer overflow in the ANSI MAP dissector for Wireshark (formerly
+       Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms,
+       allows remote attackers to cause a denial of service and possibly
+       execute arbitrary code via unknown vectors. (CVE-2007-6115)
+     * The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
+       0.99.6 allows remote attackers to cause a denial of service (infinite
+       loop or crash) via unknown vectors. (CVE-2007-6116)
+     * Unspecified vulnerability in the HTTP dissector for Wireshark
+       (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
+       attack vectors related to chunked messages. (CVE-2007-6117)
+     * The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6
+       allows remote attackers to cause a denial of service (long loop and
+       resource consumption) via unknown vectors.
+       (CVE-2007-6118)
+     * The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows
+       remote attackers to cause a denial of service (long loop and resource
+       consumption) via unknown vectors. (CVE-2007-6119)
+     * The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to
+       0.99.6 allows remote attackers to cause a denial of service (infinite
+       loop) via unknown vectors. (CVE-2007-6120)
+     * Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers
+       to cause a denial of service (crash) via a malformed RPC Portmap
+       packet. (CVE-2007-6121)
+   * current wireshark has SSL support (closes: #172939)
+   * and H323 support (closes: #117201)
+   * resizing columns bugfix was applied last year (closes: #369044)
+   * new upstream release 1.0.0
+     http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html
+   * remove debian/ directory from upstream
+   * update 14_disable-cmip.dpatch.
+   * if wireshark has no priv, it now prints:
+     dumpcap: There are no interfaces on which a capture can be done
+     (closes: #468400)
+   * wireshark uses su-to-root now (closes: #472478)
+   * vulnerabilities fixed:
+     * The X.509sat and other dissector could crash (CVE-2008-1561)
+     * The LDAP dissector could crash on Windows and other platforms.
+       (CVE-2008-1562)
+     * The SCCP dissector could crash while using the "decode as"
+       feature (CVE-2008-1563)
+
+  -- Joost Yervante Damad <[EMAIL PROTECTED]> Tue, 01 Apr 2008 19:48:19
+ +0200
+
+
  Packages are available from Debian sid (http://packages.debian.org/sid/wireshark).

  Is there a chance of getting this release (which includes several important security fixes [but also new features!]) into Hardy? I'd file a FFe if someone tells me if it's got a chance.
--
Wireshark 1.0 is available- Fixes Multiple Vulnerabilities
https://bugs.launchpad.net/bugs/210687
