Bulletin d'alerte Debian

DSA-1414-1 wireshark -- Plusieurs vulnérabilités

Date du rapport:

27 novembre 2007

Paquets concernés:

wireshark

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le dictionnaire CVE du Mitre : CVE-2007-6114, CVE-2007-6117, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121.

Pour plus d'information:

Plusieurs vulnérabilités ont été découvertes dans l'analyseur de trafic réseau Wireshark. Cela peut conduire à un déni de service ou à l'exécution de code arbitraire. Le projet des expositions et vulnérabilités communes (CVE) identifie les problèmes suivants :

CVE-2007-6114
Stefan Esser a découvert un débordement de mémoire tampon dans les dissecteur SSL. Fabiodds a découvert un débordement de mémoire tampon dans le dissecteur de traces iSeries.
CVE-2007-6117
Une erreur de programmation a été découverte dans le dissecteur HTTP. Cela peut conduire à un déni de service.
CVE-2007-6118
Il est possible de tromper le dissecteur MEGACO et lui faire épuiser les ressources.
CVE-2007-6120
Il est possible de tromper le dissecteur SDP Bluetooth et le faire entrer dans une boucle infinie.
CVE-2007-6121
Il est possible de tromper le dissecteur portmap RPC et lui faire déréférencer un pointeur vide.

Pour l'ancienne distribution stable (Sarge), ces problèmes ont été corrigés dans la version 0.10.10-2sarge10. Dans Sarge Wireshark s'appelait Ethereal. Les paquets mis à jour pour les architectures sparc et m68k seront fournis ultérieurement.

Pour la distribution stable (Etch), ces problèmes ont été corrigés dans la version 0.99.4-5.etch.1. Les paquets mis à jour pour l'architecture sparc seront fournis ultérieurement.

Nous vous recommandons de mettre à jour vos paquets wireshark et ethereal.

Corrigé dans:

Debian GNU/Linux 3.1 (oldstable)

Source :: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.dsc; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.diff.gz; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_amd64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_amd64.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_amd64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_s390.deb

Debian GNU/Linux 4.0 (etch)

Source :: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.dsc; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.diff.gz
Alpha:: http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_alpha.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_amd64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_arm.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_hppa.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_i386.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_ia64.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mips.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mipsel.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_powerpc.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_s390.deb; http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_s390.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.