wireshark 0.99.6rel-3ubuntu0.2 source package in Ubuntu

Changelog

wireshark (0.99.6rel-3ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #172283)
   + CVE-2007-6438
    - Vulnerability in the SMB dissector in Wireshark 0.99.6 allows remote
      attackers to cause a denial of service via unknown vectors.
   + CVE-2007-6539
    - Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause
      a denial of service (infinite or large loop) via the (1) IPv6 or (2)
      USB dissector, which can trigger resource consumption or a crash.
   + CVE-2007-6441
    - The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows
      remote attackers to cause a denial of service (crash) via unknown
      vectors related to "unaligned access on some platforms."
   + CVE-2007-6450
    - The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6
      allows remote attackers to cause a denial of service (infinite loop)
      via unknown vectors.
   + CVE-2007-6451
    - Vulnerability in the CIP dissector in Wireshark (formerly Ethereal)
      0.9.14 to 0.99.6 allows remote attackers to cause a denial of service
      (crash) via unknown vectors that trigger allocation of large amounts
      of memory.
   + CVE-2008-1070
    - The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through
      0.99.7 allows remote attackers to cause a denial of service (crash)
      via a malformed packet.
   + CVE-2008-1071
    - The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through
      0.99.7 allows remote attackers to cause a denial of service (crash)
      via a malformed packet. (not vulnerable in Gutsy)
   + CVE-2008-1072
    - The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through
      0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause
      a denial of service (crash or memory consumption) via a malformed
      packet, possibly related to a Cairo library bug.

   + debian/patches/13_CVE-2007-6438.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-smb.c?r1=23412&r2=23593&pathrev=23593
   + debian/patches/13_CVE-2007-6439.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-ipv6.c?r1=23412&r2=23593&pathrev=23593
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-usb.c?r1=23412&r2=23593&pathrev=23593
   + debian/patches/13_CVE-2007-6441.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/plugins/
      wimax/wimax_bits.h?r1=23412&r2=23787&pathrev=23555
   + debian/patches/13_CVE-2007-6450.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-rpl.c?r1=23412&r2=23687&pathrev=23687
   + debian/patches/13_CVE-2007-6451.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-cip.c?r1=23412&r2=12070&pathrev=12070
   + debian/patches/14_CVE-2008-1070.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-sctp.c?r1=24295&r2=24471&pathrev=24563
   + debian/patches/14_CVE-2008-1072.dpatch
    - Applied patch by upstream
    - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
      dissectors/packet-tftp.c?r1=23412&r2=23962&pathrev=23962

  * References
   + http://www.wireshark.org/security/wnpa-sec-2007-03.html
    - CVE-2007-6438
    - CVE-2007-6439
    - CVE-2007-6441
    - CVE-2007-6450
    - CVE-2007-6451
   + http://www.wireshark.org/security/wnpa-sec-2008-01.html
    - CVE-2008-1070
    - CVE-2008-1071 (not vulnerable in gutsy and not patched.)
    - CVE-2008-1072

 -- Emanuele Gentili <email address hidden>   Mon, 24 Mar 2008 03:21:13 +0100

Upload details

Uploaded by: Emanuele Gentili
Sponsored by: Kees Cook
Uploaded to: Gutsy
Original maintainer: MOTU
Architectures: any
Section: net
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
wireshark_0.99.6rel.orig.tar.gz 14.3 MiB 3ef432a4ba2687818a92393fd0317bb6f1759325522c74a02d805b321b4151b8
wireshark_0.99.6rel-3ubuntu0.2.diff.gz 42.9 KiB 8c0bc5c0cf8ac0a84a2c6bd88556174ccd12518ccd6549abf39a676bb6ae45a7
wireshark_0.99.6rel-3ubuntu0.2.dsc 1.2 KiB 3a81863e668e1e6c3dc72baa3660b5f496a7ce2b137920aa94d536af30a2bbd5

Binary packages built by this source

ethereal: No summary available for ethereal in ubuntu gutsy.

ethereal-common: No summary available for ethereal-common in ubuntu gutsy.

ethereal-dev: No summary available for ethereal-dev in ubuntu gutsy.

tethereal: No summary available for tethereal in ubuntu gutsy.

tshark: No summary available for tshark in ubuntu gutsy.

wireshark: No summary available for wireshark in ubuntu gutsy.

wireshark-common: No summary available for wireshark-common in ubuntu gutsy.

wireshark-dev: No summary available for wireshark-dev in ubuntu gutsy.
