-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1049-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 2nd, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935
                 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939
                 CVE-2006-1940
BugTraq ID     : 17682

Gerald Combs reported several vulnerabilities in ethereal, a popular
network traffic analyser.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2006-1932

    The OID printing routine is susceptible to an off-by-one error.

CVE-2006-1933

    The UMA and BER dissectors could go into an infinite loop.

CVE-2006-1934

    The Network Instruments file code could overrun a buffer.

CVE-2006-1935

    The COPS dissector contains a potential buffer overflow.

CVE-2006-1936

    The telnet dissector contains a buffer overflow.

CVE-2006-1937

    Bugs in the SRVLOC and AIM dissectors, and in the statistics
    counter could crash ethereal.

CVE-2006-1938

    Null pointer dereferences in the SMB PIPE dissector and when
    reading a malformed Sniffer capture could crash ethereal.

CVE-2006-1939

    Null pointer dereferences in the ASN.1, GSM SMS, RPC and
    ASN.1-based dissectors and an invalid display filter could crash
    ethereal.

CVE-2006-1940

    The SNDCP dissector could cause an unintended abortion.

For the old stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody15.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge5.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEVxJQW5ql+IAeqTIRAoS2AJ9H/QhXBjTO5K1KPwijhAwBVBE2WACdFz/X
lkSYmodsoONReuRtFGB9Jdg=
=y0oD
-----END PGP SIGNATURE-----