Debian Bug report logs - #396258
multiple wireshark security issues fixed in 0.99.4
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Mon, 30 Oct 2006 20:48:12 UTC
Severity: grave
Tags: security
Fixed in version wireshark/0.99.4-1
Done: Frederic Peters <fpeters@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>: Bug#396258; Package wireshark.
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: New Bug report received and forwarded. Copy sent to Frederic Peters <fpeters@debian.org>.
Message #5 received at submit@bugs.debian.org:
package: wireshark
severity: grave
tags: security
Wireshark 0.99.4 fixes the following vulnerabilities:

The HTTP dissector could crash. (Bugs 1050 and 1079)
Versions affected: 0.99.3.
CVE-2006-5468

The LDAP dissector (and possibly others) could crash. (Bug 1054)
Versions affected: 0.99.3.
CVE-2006-5740

The XOT dissector could attempt to allocate a large amount of memory
and crash. (Bug 1133)
Versions affected: 0.9.8 to 0.99.3.
CVE-2006-4805

The WBXML dissector could crash. (Bug 1134)
Versions affected: 0.10.11 to 0.99.3.
CVE-2006-5469

The MIME Multipart dissector was susceptible to an off-by-one error.
(Bug 1135)
Versions affected: 0.10.1 to 0.99.3.
CVE-2006-4574

If AirPcap support was enabled, parsing a WEP key could sometimes
cause a crash.
Versions affected: 0.99.3.

See http://www.wireshark.org/security/wnpa-sec-2006-03.html for details.
Reply sent to Frederic Peters <fpeters@debian.org>: You have taken responsibility.
Notification sent to Stefan Fritsch <sf@sfritsch.de>: Bug acknowledged by developer.
Message #10 received at 396258-close@bugs.debian.org:
Source: wireshark
Source-Version: 0.99.4-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
ethereal-common_0.99.4-1_amd64.deb
to pool/main/w/wireshark/ethereal-common_0.99.4-1_amd64.deb
ethereal-dev_0.99.4-1_amd64.deb
to pool/main/w/wireshark/ethereal-dev_0.99.4-1_amd64.deb
ethereal_0.99.4-1_amd64.deb
to pool/main/w/wireshark/ethereal_0.99.4-1_amd64.deb
tethereal_0.99.4-1_amd64.deb
to pool/main/w/wireshark/tethereal_0.99.4-1_amd64.deb
tshark_0.99.4-1_amd64.deb
to pool/main/w/wireshark/tshark_0.99.4-1_amd64.deb
wireshark-common_0.99.4-1_amd64.deb
to pool/main/w/wireshark/wireshark-common_0.99.4-1_amd64.deb
wireshark-dev_0.99.4-1_amd64.deb
to pool/main/w/wireshark/wireshark-dev_0.99.4-1_amd64.deb
wireshark_0.99.4-1.diff.gz
to pool/main/w/wireshark/wireshark_0.99.4-1.diff.gz
wireshark_0.99.4-1.dsc
to pool/main/w/wireshark/wireshark_0.99.4-1.dsc
wireshark_0.99.4-1_amd64.deb
to pool/main/w/wireshark/wireshark_0.99.4-1_amd64.deb
wireshark_0.99.4.orig.tar.gz
to pool/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 396258@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederic Peters <fpeters@debian.org> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 1 Nov 2006 10:05:05 +0100
Source: wireshark
Binary: wireshark ethereal-dev wireshark-common tshark wireshark-dev ethereal ethereal-common tethereal
Architecture: source amd64
Version: 0.99.4-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Frederic Peters <fpeters@debian.org>
Description:
ethereal - dummy upgrade package for ethereal -> wireshark
ethereal-common - dummy upgrade package for ethereal -> wireshark
ethereal-dev - dummy upgrade package for ethereal -> wireshark
tethereal - dummy upgrade package for ethereal -> wireshark
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 375022 396258
Changes:
wireshark (0.99.4-1) unstable; urgency=high
.
* Backported security patches from yet unreleased 0.99.4 (closes: #396258)
* http://www.wireshark.org/security/wnpa-sec-2006-03.html has details
* HTTP dissector could crash (CVE-2006-5468)
* LDAP dissector (and others) could crash (CVE-2006-5740)
* XOT dissector could attempt to allocate a large amount of memory and
crash (CVE-2006-4805)
* WBXML dissector could crash (CVE-2006-5469)
* MIME Multipart dissector was susceptible to an off-by-one error
(CVE-2006-4574)
* Parsing a WEP key could cause a crash
* debian/control: disabled libcap-dev for kfreebsd and hurd
(closes: #375022)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFSHT1oR3LsWeD7V4RAlLRAJ4vKPLcAwELctIDUwW9WdhYMSg84QCfU23u
p2kLsy7GPt0J6HVawgzXbKE=
=dPVY
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 01:40:06 GMT)
Last modified: Wed Jun 19 15:28:16 2019