[SECURITY] [DSA 2201-1] wireshark security update

2011-03-2321:51:30

lists.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Debian Security Advisory DSA-2201-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
March 23, 2011 http://www.debian.org/security/faq

Package : wireshark
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141

Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several
vulnerabilities in the Wireshark network traffic analyzer.
Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to
parse pcag-ng files could lead to denial of service or the execution of
arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.2-3+lenny13.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.11-6+squeeze1

For the unstable distribution (sid), this problem has been fixed in
version 1.4.4-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5i386wireshark-common< 1.0.2-3+lenny13wireshark-common_1.0.2-3+lenny13_i386.deb
Debian5powerpcwireshark-common< 1.0.2-3+lenny13wireshark-common_1.0.2-3+lenny13_powerpc.deb
Debian6i386wireshark-dbg< 1.2.11-6+squeeze1wireshark-dbg_1.2.11-6+squeeze1_i386.deb
Debian6i386wireshark-dev< 1.2.11-6+squeeze1wireshark-dev_1.2.11-6+squeeze1_i386.deb
Debian6ia64wireshark< 1.2.11-6+squeeze1wireshark_1.2.11-6+squeeze1_ia64.deb
Debian6sparcwireshark-common< 1.2.11-6+squeeze1wireshark-common_1.2.11-6+squeeze1_sparc.deb
Debian5hppawireshark-dev< 1.0.2-3+lenny13wireshark-dev_1.0.2-3+lenny13_hppa.deb
Debian6kfreebsd-amd64tshark< 1.2.11-6+squeeze1tshark_1.2.11-6+squeeze1_kfreebsd-amd64.deb
Debian6powerpcwireshark-common< 1.2.11-6+squeeze1wireshark-common_1.2.11-6+squeeze1_powerpc.deb
Debian6powerpcwireshark< 1.2.11-6+squeeze1wireshark_1.2.11-6+squeeze1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	i386	wireshark-common	< 1.0.2-3+lenny13	wireshark-common_1.0.2-3+lenny13_i386.deb
Debian	5	powerpc	wireshark-common	< 1.0.2-3+lenny13	wireshark-common_1.0.2-3+lenny13_powerpc.deb
Debian	6	i386	wireshark-dbg	< 1.2.11-6+squeeze1	wireshark-dbg_1.2.11-6+squeeze1_i386.deb
Debian	6	i386	wireshark-dev	< 1.2.11-6+squeeze1	wireshark-dev_1.2.11-6+squeeze1_i386.deb
Debian	6	ia64	wireshark	< 1.2.11-6+squeeze1	wireshark_1.2.11-6+squeeze1_ia64.deb
Debian	6	sparc	wireshark-common	< 1.2.11-6+squeeze1	wireshark-common_1.2.11-6+squeeze1_sparc.deb
Debian	5	hppa	wireshark-dev	< 1.0.2-3+lenny13	wireshark-dev_1.0.2-3+lenny13_hppa.deb
Debian	6	kfreebsd-amd64	tshark	< 1.2.11-6+squeeze1	tshark_1.2.11-6+squeeze1_kfreebsd-amd64.deb
Debian	6	powerpc	wireshark-common	< 1.2.11-6+squeeze1	wireshark-common_1.2.11-6+squeeze1_powerpc.deb
Debian	6	powerpc	wireshark	< 1.2.11-6+squeeze1	wireshark_1.2.11-6+squeeze1_powerpc.deb