multiple wireshark security issues fixed in 0.99.4

Debian Bug report logs - #396258
multiple wireshark security issues fixed in 0.99.4

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>

To: submit@bugs.debian.org

Subject: multiple wireshark security issues fixed in 0.99.4

Date: Mon, 30 Oct 2006 21:35:57 +0100

package: wireshark
severity: grave
tags: security

Wireshark 0.99.4 fixes the following vulnerabilities: 

The HTTP dissector could crash.  (Bugs 1050 and 1079) 
Versions affected: 0.99.3. 
 CVE-2006-5468 

The LDAP dissector (and possibly others) could crash.  (Bug 1054) 
Versions affected: 0.99.3. 
 CVE-2006-5740 

The XOT dissector could attempt to allocate a large amount of memory    
and crash.  (Bug 1133) 
Versions affected: 0.9.8 to 0.99.3. 
 CVE-2006-4805 

The WBXML dissector could crash.  (Bug 1134) 
Versions affected: 0.10.11 to 0.99.3. 
 CVE-2006-5469 

The MIME Multipart dissector was susceptible to an off-by-one error.  
(Bug 1135) 
Versions affected: 0.10.1 to 0.99.3. 
 CVE-2006-4574 

If AirPcap support was enabled, parsing a WEP key could sometimes 
cause a crash.   
 Versions affected: 0.99.3.

See
http://www.wireshark.org/security/wnpa-sec-2006-03.html
for details.

Message #10 received at 396258-close@bugs.debian.org (full text, mbox, reply):

From: Frederic Peters <fpeters@debian.org>

To: 396258-close@bugs.debian.org

Subject: Bug#396258: fixed in wireshark 0.99.4-1

Date: Wed, 01 Nov 2006 02:32:22 -0800

Source: wireshark
Source-Version: 0.99.4-1

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:

ethereal-common_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/ethereal-common_0.99.4-1_amd64.deb
ethereal-dev_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/ethereal-dev_0.99.4-1_amd64.deb
ethereal_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/ethereal_0.99.4-1_amd64.deb
tethereal_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/tethereal_0.99.4-1_amd64.deb
tshark_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/tshark_0.99.4-1_amd64.deb
wireshark-common_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark-common_0.99.4-1_amd64.deb
wireshark-dev_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark-dev_0.99.4-1_amd64.deb
wireshark_0.99.4-1.diff.gz
  to pool/main/w/wireshark/wireshark_0.99.4-1.diff.gz
wireshark_0.99.4-1.dsc
  to pool/main/w/wireshark/wireshark_0.99.4-1.dsc
wireshark_0.99.4-1_amd64.deb
  to pool/main/w/wireshark/wireshark_0.99.4-1_amd64.deb
wireshark_0.99.4.orig.tar.gz
  to pool/main/w/wireshark/wireshark_0.99.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 396258@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frederic Peters <fpeters@debian.org> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  1 Nov 2006 10:05:05 +0100
Source: wireshark
Binary: wireshark ethereal-dev wireshark-common tshark wireshark-dev ethereal ethereal-common tethereal
Architecture: source amd64
Version: 0.99.4-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Frederic Peters <fpeters@debian.org>
Description: 
 ethereal   - dummy upgrade package for ethereal -> wireshark
 ethereal-common - dummy upgrade package for ethereal -> wireshark
 ethereal-dev - dummy upgrade package for ethereal -> wireshark
 tethereal  - dummy upgrade package for ethereal -> wireshark
 tshark     - network traffic analyzer (console)
 wireshark  - network traffic analyzer
 wireshark-common - network traffic analyser (common files)
 wireshark-dev - network traffic analyser (development tools)
Closes: 375022 396258
Changes: 
 wireshark (0.99.4-1) unstable; urgency=high
 .
   * Backported security patches from yet unreleased 0.99.4 (closes: #396258)
     * http://www.wireshark.org/security/wnpa-sec-2006-03.html has details
     * HTTP dissector could crash (CVE-2006-5468)
     * LDAP dissector (and others) could crash (CVE-2006-5740)
     * XOT dissector could attempt to allocate a large amount of memory and
       crash (CVE-2006-4805)
     * WBXML dissector could crash (CVE-2006-5469)
     * MIME Multipart dissectar was susceptible to an off-by-one error
       (CVE-2006-4574)
     * Parsing a WEP key could cause a crash
   * debian/control: disabled libcap-dev for kfreebsd and hurd
     (closes: #375022)
Files: 
 5cbec27c77fc064236a8ecfac187c2f0 1034 net optional wireshark_0.99.4-1.dsc
 2556a31d0d770dd1990bd67b98bd2f9b 13306790 net optional wireshark_0.99.4.orig.tar.gz
 f3e655ac1b1cf292f374fabce17d1446 14524 net optional wireshark_0.99.4-1.diff.gz
 b707378f7de405b9a2a1e6a7f90acafe 9117990 net optional wireshark-common_0.99.4-1_amd64.deb
 0ac6f11a4618a3bf6d4ab2e8ab47f74e 607536 net optional wireshark_0.99.4-1_amd64.deb
 55218d2e10c37104482d0653c9a783a2 111680 net optional tshark_0.99.4-1_amd64.deb
 7151a52c7567f9994bb1d976955e5ee2 172190 devel optional wireshark-dev_0.99.4-1_amd64.deb
 2e2901fecdc7392b241524008c608a68 22252 net optional ethereal-common_0.99.4-1_amd64.deb
 9362d78bdb14817d5498939d242b6769 21906 devel optional ethereal-dev_0.99.4-1_amd64.deb
 219475aec28d146543424fc857986c67 21890 net optional ethereal_0.99.4-1_amd64.deb
 bee9da6c03f009e45c04f75d4d45a5e0 21902 net optional tethereal_0.99.4-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFSHT1oR3LsWeD7V4RAlLRAJ4vKPLcAwELctIDUwW9WdhYMSg84QCfU23u
p2kLsy7GPt0J6HVawgzXbKE=
=dPVY
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.