Committer: Bazaar Package Importer
Author(s): Emanuele Gentili
Date: 2008-03-24 03:21:13 UTC
Revision ID: james.westby@ubuntu.com-20080324032113-d1j4zykc3du9kg4l
Tags: 0.99.6rel-3ubuntu0.2
* SECURITY UPDATE: (LP: #172283)
+ CVE-2007-6438
- Vulnerability in the SMB dissector in Wireshark 0.99.6 allows remote
attackers to cause a denial of service via unknown vectors.
+ CVE-2007-6539
- Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause
a denial of service (infinite or large loop) via the (1) IPv6 or (2)
USB dissector, which can trigger resource consumption or a crash.
+ CVE-2007-6441
- The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows
remote attackers to cause a denial of service (crash) via unknown
vectors related to "unaligned access on some platforms."
+ CVE-2007-6450
- The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6
allows remote attackers to cause a denial of service (infinite loop)
via unknown vectors.
+ CVE-2007-6451
- Vulnerability in the CIP dissector in Wireshark (formerly Ethereal)
0.9.14 to 0.99.6 allows remote attackers to cause a denial of service
(crash) via unknown vectors that trigger allocation of large amounts
of memory.
+ CVE-2008-1070
- The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through
0.99.7 allows remote attackers to cause a denial of service (crash)
via a malformed packet.
+ CVE-2008-1071
- The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through
0.99.7 allows remote attackers to cause a denial of service (crash)
via a malformed packet. (not vulnerable in Gutsy)
+ CVE-2008-1072
- The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through
0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause
a denial of service (crash or memory consumption) via a malformed
packet, possibly related to a Cairo library bug.
+ debian/patches/13_CVE-2007-6438.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-smb.c?r1=23412&r2=23593&pathrev=23593
+ debian/patches/13_CVE-2007-6439.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-ipv6.c?r1=23412&r2=23593&pathrev=23593
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-usb.c?r1=23412&r2=23593&pathrev=23593
+ debian/patches/13_CVE-2007-6441.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/plugins/wimax/wimax_bits.h?r1=23412&r2=23787&pathrev=23555
+ debian/patches/13_CVE-2007-6450.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-rpl.c?r1=23412&r2=23687&pathrev=23687
+ debian/patches/13_CVE-2007-6451.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-cip.c?r1=23412&r2=12070&pathrev=12070
+ debian/patches/14_CVE-2008-1070.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-sctp.c?r1=24295&r2=24471&pathrev=24563
+ debian/patches/14_CVE-2008-1072.dpatch
- Applied patch by upstream
- http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/dissectors/packet-tftp.c?r1=23412&r2=23962&pathrev=23962
* References
+ http://www.wireshark.org/security/wnpa-sec-2007-03.html
- CVE-2007-6438
- CVE-2007-6439
- CVE-2007-6441
- CVE-2007-6450
- CVE-2007-6451
+ http://www.wireshark.org/security/wnpa-sec-2008-01.html
- CVE-2008-1070
- CVE-2008-1071 (not vulnerable in gutsy and not patched.)
- CVE-2008-1072