LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New ethereal packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1201-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
October 31st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-4574 CVE-2006-4805
Debian Bug     : 396258

Several remote vulnerabilities have been discovered in the Ethereal network
scanner. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2005-4574

    It was discovered that the MIME multipart dissector is vulnerable to
    denial of service caused by an off-by-one overflow.

CVE-2006-4805

    It was discovered that the XOT dissector is vulnerable to denial
    of service caused by memory corruption.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge9. Due to technical problems with the security
buildd infrastructure this update lacks builds for the hppa and sparc
architecture. They will be released as soon as the problems are resolved.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.dsc
      Size/MD5 checksum:      855 4111fa99ac63f549e0ed3e2db668e542
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.diff.gz
      Size/MD5 checksum:   178221 6566de4d9fc112f25f6bfaf45ad77faa
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
      Size/MD5 checksum:  7411510 e6b74468412c17bb66cd459bfb61471c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_alpha.deb
      Size/MD5 checksum:   543092 c89ff6f8bdc7e6f7eb2650d5076f03e6
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_alpha.deb
      Size/MD5 checksum:  5476386 e2a8e648f15a347d05f5e5cd624edb4c
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_alpha.deb
      Size/MD5 checksum:   154592 5e0d5c37c0cc589d05d6e748e51e03ea
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_alpha.deb
      Size/MD5 checksum:   106306 f23e0e55dc96d7bdcb0fb95cdfba5548

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_amd64.deb
      Size/MD5 checksum:   486550 ffd006375c90a4d059af7a024188776e
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_amd64.deb
      Size/MD5 checksum:  5334530 341c8645167abbae9ae6147b83649edb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_amd64.deb
      Size/MD5 checksum:   154598 b1d1d14d3d41120c1c5c65ce89f08ab2
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_amd64.deb
      Size/MD5 checksum:    99588 fdf5d3d8677e03c3edf2cfff04fba4ec

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_arm.deb
      Size/MD5 checksum:   473062 9a901ea673c269ccbf41ecdff1df53dd
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_arm.deb
      Size/MD5 checksum:  4688102 09120393788e912b7ac18182b09fcd2e
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_arm.deb
      Size/MD5 checksum:   154596 e539e5c413c0c39957c0abb9b34c9cfb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_arm.deb
      Size/MD5 checksum:    95664 2131328ee58a900aedf3766ddbbfc98e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_i386.deb
      Size/MD5 checksum:   443698 7693be67596d17632cf4723f8a54d047
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_i386.deb
      Size/MD5 checksum:  4529248 0139a1d19b4957c004df779e38a24a59
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_i386.deb
      Size/MD5 checksum:   154592 9c0525063d401ee054b27ce38d634e33
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_i386.deb
      Size/MD5 checksum:    90942 96abf559fb9430b1692d2d90a66ecc5c

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_ia64.deb
      Size/MD5 checksum:   674472 4abd34b813b05e024043da18bb3e402c
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_ia64.deb
      Size/MD5 checksum:  6630134 99f54db4831942d42296ab0a95342478
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_ia64.deb
      Size/MD5 checksum:   154594 97f03089c5a2f20ba38344f6cec55b30
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_ia64.deb
      Size/MD5 checksum:   129198 1112f7607579fcd8b9ca08f71343f634

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_m68k.deb
      Size/MD5 checksum:   447802 232f5842aa0e6adb46d20a7bb185f96d
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_m68k.deb
      Size/MD5 checksum:  5565136 fb513962f4e20d66c623a73b5ee9e885
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_m68k.deb
      Size/MD5 checksum:   154662 a3b9b1d5863b3aa898f0cc99c1cd6698
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_m68k.deb
      Size/MD5 checksum:    90952 dd7d57c87b84651cf379e89001605323

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mips.deb
      Size/MD5 checksum:   462804 d4684b24816cc54d47cfad4ce32bd0b5
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mips.deb
      Size/MD5 checksum:  4723362 7656bd956876056e532df9ecaec97471
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mips.deb
      Size/MD5 checksum:   154588 8645620716b8d688475fd2ca631ab986
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mips.deb
      Size/MD5 checksum:    94788 40066b71cfc3a122453e130e537c2302

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mipsel.deb
      Size/MD5 checksum:   458076 1ac138ade7fd91253806ae4d8480154b
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mipsel.deb
      Size/MD5 checksum:  4460986 7e9ca725df417dae65208e865ea329d6
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mipsel.deb
      Size/MD5 checksum:   154606 ce8c4b32631676bc7817c3f4dfa5f6ca
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mipsel.deb
      Size/MD5 checksum:    94696 d9525ded73ae609c0dc7672f1279626a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_powerpc.deb
      Size/MD5 checksum:   455752 8e5806f6f6a86f8b066c6366fbdaacfe
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_powerpc.deb
      Size/MD5 checksum:  5067972 c832d4ee9e201fffe698c4e5e8c064d6
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_powerpc.deb
      Size/MD5 checksum:   154602 ec05dd9cb9fda2cb532fc4a02b73870d
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_powerpc.deb
      Size/MD5 checksum:    94360 811445845ed5bc677c68597f4dc57553

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_s390.deb
      Size/MD5 checksum:   479716 1f9523a1563752c8b3f3ae3b77ee9e15
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_s390.deb
      Size/MD5 checksum:  5621732 36e4ce1ddaf99edf598933bc8af19c7b
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_s390.deb
      Size/MD5 checksum:   154590 5b08647010fc5275a27ded68e63d4859
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_s390.deb
      Size/MD5 checksum:    99946 93cb4151f77499728d2734c64a04f8c2


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
State-of-the-art spear phishing and defenses
Linux kernel source code repositories get better security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.