Ubuntu
wireshark package

Bug #132915
Comment #1

Comment 1 for bug 132915

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-11-15:

Well, this is only one of them.....

here is the complete list with fixes...I'm preparing some debdiffs from dapper to feisty. gutsy is clean.

  * SECURITY UPDATE: wireshark has several vulnerabilities:
    + CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
      a denial of service (crash) via a crafted chunked encoding in an HTTP
      response, possibly related to a zero-length payload.
    + CVE-2007-3390: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running
      on certain systems, allows remote attackers to cause a denial of service
      (crash) via crafted iSeries capture files that trigger a SIGTRAP.
    + CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause
      a denial of service via malformed (1) SSL or (2) MMS packets that trigger an
      infinite loop.
    + CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark
      before 0.99.6 allows remote attackers to cause a denial of service (crash) via
      crafted DHCP-over-DOCSIS packets.
  * debian/patches/12_secu_0.99.6_r21034.dpatch:
    - applied patch from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-http.c?view=log&pathrev=21034)
  * debian/patches/12_secu_0.99.6_r20990.dpatch:
    - applied patch from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/wiretap/iseries.c?r1=19814&r2=20990&pathrev=20990)
  * debian/patches/12_secu_0.99.6_r21392.dpatch ,
    12_secu_0.99.6_r21665.dpatch:
    - applied patches from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ssl.c?r1=21650&r2=21665&pathrev=21665&view=patch)
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-mms.c?r1=21088&r2=21392&pathrev=21392&view=patch)
  * debian/patches/12_secu_0.99.6_r21947.dpatch:
    - applied patch from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-bootp.c?r1=21924&r2=21947&pathrev=21947&view=patch)
  * References:
    CVE-2007-3389
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394
    CVE-2007-3390
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415
    CVE-2007-3392
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582
    CVE-2007-3393
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416

Well, this is only one of them.....

here is the complete list with fixes...I'm preparing some debdiffs from dapper to feisty. gutsy is clean.

* SECURITY UPDATE: wireshark has several vulnerabilities:
    + CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
      a denial of service (crash) via a crafted chunked encoding in an HTTP
      response, possibly related to a zero-length payload.
    + CVE-2007-3390:  Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running
      on certain systems, allows remote attackers to cause a denial of service
      (crash) via crafted iSeries capture files that trigger a SIGTRAP.
    + CVE-2007-3392: Wireshark before 0.99.6 allows remote attackers to cause
      a denial of service via malformed (1) SSL or (2) MMS packets that trigger an
      infinite loop.
    + CVE-2007-3393: Off-by-one error in the DHCP/BOOTP dissector in Wireshark
      before 0.99.6 allows remote attackers to cause a denial of service (crash) via
      crafted DHCP-over-DOCSIS packets.
  * debian/patches/12_secu_0.99.6_r21034.dpatch:
    - applied patch from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-http.c?view=log&pathrev=21034)
  * debian/patches/12_secu_0.99.6_r20990.dpatch:
    - applied patch from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/wiretap/iseries.c?r1=19814&r2=20990&pathrev=20990)
  * debian/patches/12_secu_0.99.6_r21392.dpatch ,
    12_secu_0.99.6_r21665.dpatch:
    - applied patches from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ssl.c?r1=21650&r2=21665&pathrev=21665&view=patch)
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-mms.c?r1=21088&r2=21392&pathrev=21392&view=patch)
  * debian/patches/12_secu_0.99.6_r21947.dpatch:
    - applied patch from upstream
      (Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-bootp.c?r1=21924&r2=21947&pathrev=21947&view=patch)
  * References:
    CVE-2007-3389
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394
    CVE-2007-3390
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415
    CVE-2007-3392
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582
    CVE-2007-3393
    http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416

Ubuntuwireshark package

Comment 1 for bug 132915

Ubuntu
wireshark package