Package: wireshark
Version: 0.99.2-5
Severity: critical
Tags: security
Justification: root security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From <http://www.wireshark.org/security/wnpa-sec-2006-02.html>:

Wireshark 0.99.3 fixes the following vulnerabilities:

    * The SCSI dissector could crash.
          Versions affected: 0.99.2. CVE: CVE-2006-4330
    * If Wireshark was compiled with ESP decryption support, the IPsec
          ESP preference parser was susceptible to off-by-one errors. Versions
          affected: 0.99.2. CVE: CVE-2006-4331
    * The DHCP dissector (and possibly others) in the Windows version of
          Wireshark could trigger a bug in Glib and crash.
          Versions affected: 0.10.13 - 0.99.2. CVE: CVE-2006-4332
    * If the SSCOP dissector has a port range configured and the SSCOP
          payload protocol is Q.2931, a malformed packet could make the Q.2931
          dissector use up available memory. No port range is configured by
          default. Versions affected: 0.7.9 - 0.99.2. CVE: CVE-2006-4333 

 It may be possible to make Wireshark or Ethereal crash, use up available
 memory, or run arbitrary code by injecting a purposefully malformed packet
 onto the wire or by convincing someone to read a malformed packet trace
 file.

- -- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages wireshark depends on:
ii  libadns1                     1.1-4       Asynchronous-capable DNS client li
ii  libatk1.0-0                  1.12.1-1    The ATK accessibility toolkit
ii  libc6                        2.3.6-15    GNU C Library: Shared libraries
ii  libcairo2                    1.2.4-1     The Cairo 2D vector graphics libra
ii  libcap1                      1:1.10-14   support for getting/setting POSIX.
ii  libcomerr2                   1.39-1      common error description library
ii  libfontconfig1               2.3.2-7     generic font configuration library
ii  libglib2.0-0                 2.12.2-1    The GLib library of C routines
ii  libgnutls13                  1.4.2-1     the GNU TLS library - runtime libr
ii  libgtk2.0-0                  2.8.20-1    The GTK+ graphical user interface 
ii  libkrb53                     1.4.3-9     MIT Kerberos runtime libraries
ii  libpango1.0-0                1.12.3-1+b1 Layout and rendering of internatio
ii  libpcap0.8                   0.9.4-2     System interface for user-level pa
ii  libpcre3                     6.4-2       Perl 5 Compatible Regular Expressi
ii  libx11-6                     2:1.0.0-8   X11 client-side library
ii  libxcursor1                  1.1.5.2-5   X cursor management library
ii  libxext6                     1:1.0.0-4   X11 miscellaneous extension librar
ii  libxfixes3                   1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii  libxi6                       1:1.0.0-5   X11 Input extension library
ii  libxinerama1                 1:1.0.1-4   X11 Xinerama extension library
ii  libxrandr2                   2:1.1.0.2-4 X11 RandR extension library
ii  libxrender1                  1:0.9.0.2-4 X Rendering Extension client libra
ii  wireshark-common             0.99.2-5    network traffic analyser (common f
ii  zlib1g                       1:1.2.3-13  compression library - runtime

Versions of packages wireshark recommends:
ii  gksu                          1.9.2-1    graphical frontend to su

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE7hgxshl/216gEHgRAu53AJ9mdfcbd4gDSg+ce54B48jH4ASXtQCeMKOO
RkEzJd3JY+tHSy1EgOZPIJg=
=we6s
-----END PGP SIGNATURE-----

