User: Password:
Subscribe / Log in / New account

Debian alert DSA-1127-1 (ethereal)

From:  Moritz Muehlenhoff <>
Subject:  [SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities
Date:  Fri, 28 Jul 2006 07:41:07 +0200

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1127-1 Moritz Muehlenhoff July 28th, 2006 - -------------------------------------------------------------------------- Package : ethereal Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632 Debian Bug : 373913 375694 Several remote vulnerabilities have been discovered in the Ethereal network sniffer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-3628 Ilja van Sprundel discovered that the FW-1 and MQ dissectors are vulnerable to format string attacks. CVE-2006-3629 Ilja van Sprundel discovered that the MOUNT dissector is vulnerable to denial of service through memory exhaustion. CVE-2006-3630 Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and NDPS dissectors. CVE-2006-3631 Ilja van Sprundel discovered a buffer overflow in the NFS dissector. CVE-2006-3632 Ilja van Sprundel discovered that the SSH dissector is vulnerable to denial of service through an infinite loop. For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge6. For the unstable distribution (sid) these problems have been fixed in version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal. We recommend that you upgrade your ethereal packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 855 c707f586104e8686d9d2244ce2d7a506 Size/MD5 checksum: 173252 9c9821b8ebead45753446356c22cb578 Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c Alpha architecture: Size/MD5 checksum: 542792 15de1eb27365d6cae79d8d702e090f13 Size/MD5 checksum: 5475590 bef681e66102e67d36b7e6a42c2c2c3f Size/MD5 checksum: 154412 847bd247de53a90c7280043bedac7d93 Size/MD5 checksum: 106004 bee2da8a58d6e84c05b6a80537183694 AMD64 architecture: Size/MD5 checksum: 486278 e6239c6efadea1399ad1fcab5a0da5f3 Size/MD5 checksum: 5333976 61bcb38c72686eeb7e8587179ab7594f Size/MD5 checksum: 154406 a13fdfd340be02a602f6fc576f166005 Size/MD5 checksum: 99298 7dd892a57430d66f7c97088b8c1eb187 ARM architecture: Size/MD5 checksum: 472738 a10f7886e67d41949ec8488715276ca7 Size/MD5 checksum: 4687198 d18c46329bf526579e7c1af409323610 Size/MD5 checksum: 154434 5c23b40f20e4079a6c58c697914b54ef Size/MD5 checksum: 95276 a56fa4124bd4193ec75bdedeaefcb47b Intel IA-32 architecture: Size/MD5 checksum: 443394 e72fd2ff7eec3cbd08fc07ed9458aada Size/MD5 checksum: 4495996 9e1aebd1a408bf7472608917660ce9aa Size/MD5 checksum: 154398 d84eaeb2fae751e3b36046e87c1981e1 Size/MD5 checksum: 90684 c699e114b221acd10350cf8b51c608b9 Intel IA-64 architecture: Size/MD5 checksum: 674208 354b3cc9866e6fefe48b38925a48ae32 Size/MD5 checksum: 6628612 e72ee2bfd8b6997a121c8a95b6742e4f Size/MD5 checksum: 154382 da6b4cf3246a63b4b8b94bc0db6d3dac Size/MD5 checksum: 128860 370f38c0c53088195b7418d3af996d35 HP Precision architecture: Size/MD5 checksum: 489076 bf76e69441ef032d5d8ad8420b5b25b8 Size/MD5 checksum: 5786654 7e88aabad273d3dd0e239f78ecc35491 Size/MD5 checksum: 154442 325e842eae1b96b8a33ec8ae025739e2 Size/MD5 checksum: 98192 7400d5ce588c3899f6e2b43f945bde6e Motorola 680x0 architecture: Size/MD5 checksum: 447546 489e9c8ae8069112a937c8a26d297709 Size/MD5 checksum: 5564820 636aff3dca750cb3ac139c21404c49a1 Size/MD5 checksum: 154472 776225c24043d3056c5b45914f24450a Size/MD5 checksum: 90680 98475c71576aaee068be4ff5353050fe Big endian MIPS architecture: Size/MD5 checksum: 462502 716d233fbf38161464290950590a071f Size/MD5 checksum: 4723270 60f129963a2ce9ffbd599b60cfba11cd Size/MD5 checksum: 154406 386b68e0403f729687d82786afb0241d Size/MD5 checksum: 94498 af2ed192e6d4690d263f01127a8edfee Little endian MIPS architecture: Size/MD5 checksum: 457750 ef72d36a3f9fa3945a98c14abc62e2ce Size/MD5 checksum: 4459970 36bf7f5d57e23e14d1ade0bf9f9d49b0 Size/MD5 checksum: 154416 5d36a2d02f29374ef45bcdb1597423c5 Size/MD5 checksum: 94410 c585ae00dadccef338c292c1a2c268f9 PowerPC architecture: Size/MD5 checksum: 455484 893d1f6bbc3097840ba7e53cc542bbee Size/MD5 checksum: 5067540 e17cde3f8ff57a31a12270cb5d701257 Size/MD5 checksum: 154414 7b51770205dc37fc2fde1fd9ca344dda Size/MD5 checksum: 94112 7a49b609694e1eea450e621da3b2bc1f IBM S/390 architecture: Size/MD5 checksum: 479470 528b47d9a5c453856edd9b6df28ebae7 Size/MD5 checksum: 5620570 874edf4f0f86ab3aee3f48a55f95f0d0 Size/MD5 checksum: 154400 86f2d581fa46af34788e0629c6e62ec5 Size/MD5 checksum: 99696 1b622377fb056fe37b8104d295e56d28 Sun Sparc architecture: Size/MD5 checksum: 465138 ad9fd25554415ff19dba6b89b5d48513 Size/MD5 checksum: 5129848 f1a7015616428128a1c65394226a87fe Size/MD5 checksum: 154424 ff78808097ae2bc2b4ed753f1b76f1b9 Size/MD5 checksum: 93600 a97f833739a88b5484b59989be966d0d These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: Package info: `apt-cache show <pkg>' and<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEyaMXXm3vHE4uyloRAvMLAKCmEhnqBdURa2zVfJoWKPWjj/wIJwCdFE3B 2nDYi9cpb0AmiNjuFJjUcLs= =hiNY -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds