[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:39143] Forward: [SECURITY] [DSA 407-1] New ethereal packages fix several vulnerabilities



現在の Debian 安定版 (3.0 woody) にセキュリティに関する深刻な問題が発見
されました。

対象パッケージ: ethereal

対処済みのパッケージに更新するには、

deb http://security.debian.org/ stable/updates main contrib non-free

を /etc/apt/sources.list に追加し、

apt-get update ; apt-get upgrade

を実行してください。

詳細については添付のアナウンスをご覧ください。

--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 407-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 5th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2003-0925 CAN-2003-0926 CAN-2003-0927 CAN-2003-1012 CAN-2003-1013

Several vulnerabilities were discovered upstream in ethereal, a
network traffic analyzer.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CAN-2003-0925

   A buffer overflow allows remote attackers to cause a denial of
   service and possibly execute arbitrary code via a malformed GTP
   MSISDN string.

CAN-2003-0926

   Via certain malformed ISAKMP or MEGACO packets remote attackers are
   able to cause a denial of service (crash).

CAN-2003-0927

   A heap-based buffer overflow allows remote attackers to cause a
   denial of service (crash) and possibly execute arbitrary code via
   the SOCKS dissector.

CAN-2003-1012

   The SMB dissector allows remote attackers to cause a denial of
   service via a malformed SMB packet that triggers a segmentation
   fault during processing of selected packets.

CAN-2003-1013

   The Q.931 dissector allows remote attackers to cause a denial of
   service (crash) via a malformed Q.931, which triggers a null
   dereference.

For the stable distribution (woody) this problem has been fixed in
version 0.9.4-1woody6.

For the unstable distribution (sid) this problem has been fixed in
version 0.10.0-1.

We recommend that you upgrade your ethereal and tethereal packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.dsc
      Size/MD5 checksum:      679 6c3d2beab693578b827bc0c2ecc13eb2
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.diff.gz
      Size/MD5 checksum:    37597 7456c1b4708a869295bb71480300370d
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
      Size/MD5 checksum:  3278908 42e999daa659820ee93aaaa39ea1e9ea

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_alpha.deb
      Size/MD5 checksum:  1940256 e8a45a24a24a145f2870d65b26fdda20
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_alpha.deb
      Size/MD5 checksum:   334238 0035322af1972fa6c1547e881b5b27fa
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_alpha.deb
      Size/MD5 checksum:   222006 da4e9538a37ac5dd740010b828afed8b
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_alpha.deb
      Size/MD5 checksum:  1706878 3c2e6c03f6383f3ae8d599a01853c344

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_arm.deb
      Size/MD5 checksum:  1634664 f5f5d2aeba5fa26ac8d6b722f4d52b39
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_arm.deb
      Size/MD5 checksum:   297294 267317a8d6f43f009673f3e9864e0308
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_arm.deb
      Size/MD5 checksum:   205964 fe0528d0ee4b0922d1a449f9c12c0b81
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_arm.deb
      Size/MD5 checksum:  1439166 390f1e6d9173454162195c47a10c6a0e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_i386.deb
      Size/MD5 checksum:  1512408 b9efde468cca1ddd6b731a3b343bd51d
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_i386.deb
      Size/MD5 checksum:   286370 c618774e3718d11d94347b0d66f72af4
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_i386.deb
      Size/MD5 checksum:   198298 a7c01d2560880e783e899cd623a27e7a
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_i386.deb
      Size/MD5 checksum:  1325838 a7706f7f82b44a30d4a99b299c58b4ca

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_ia64.deb
      Size/MD5 checksum:  2150174 e2aba915304534ac4fbb060a2552d9c6
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_ia64.deb
      Size/MD5 checksum:   373042 f06169aeefd918e4e5b809393edb8dc2
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_ia64.deb
      Size/MD5 checksum:   233630 e7f788d020319a8147beb4172cdc736f
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_ia64.deb
      Size/MD5 checksum:  1860802 6c8ef685b4e61f34a0146eb6fc666fdb

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_hppa.deb
      Size/MD5 checksum:  1803668 213d7f4221de714ee5c4ef938d0bae54
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_hppa.deb
      Size/MD5 checksum:   322334 b6ebeeb39d2d57c0ed664f65389e55a2
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_hppa.deb
      Size/MD5 checksum:   216804 fd2e27b35aedd419a12db17bee96c596
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_hppa.deb
      Size/MD5 checksum:  1575270 f3ed65cc62fb1155e8e38a25320d0614

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_m68k.deb
      Size/MD5 checksum:  1424112 69cccce7cf5ead38369e6d508031d821
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_m68k.deb
      Size/MD5 checksum:   282604 e5c3264948cd2cad0c159893173f0748
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_m68k.deb
      Size/MD5 checksum:   195028 647f483dbf79dc47a95d48d105d6a7c4
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_m68k.deb
      Size/MD5 checksum:  1248072 8085433927ed54f1c1c8196d7c835709

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mips.deb
      Size/MD5 checksum:  1616398 9a41bb228b9b33894825d6cfd2bba741
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mips.deb
      Size/MD5 checksum:   305168 b4a94497386ab45e0494c7980def8e3e
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mips.deb
      Size/MD5 checksum:   213590 20a3ad3d4b5126890aa23179c1730f1a
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mips.deb
      Size/MD5 checksum:  1421550 ad0decba7ea5907e6a3149cacbc178f8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mipsel.deb
      Size/MD5 checksum:  1596866 0321997c79a03298c65548bb5687e87d
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mipsel.deb
      Size/MD5 checksum:   304676 9a3fad3fe8394ae63f79d09580b41b39
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mipsel.deb
      Size/MD5 checksum:   213222 28bfeefdf54278545c2c132fe381dc12
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mipsel.deb
      Size/MD5 checksum:  1405698 182282caefb7aaf8025559894d7b9801

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_powerpc.deb
      Size/MD5 checksum:  1617784 38000a653b7da7552904e66b8c736ecc
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_powerpc.deb
      Size/MD5 checksum:   301846 70dede9038a6098642119765c87f6f80
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_powerpc.deb
      Size/MD5 checksum:   208786 d69f6942493800fd491e90605d0be931
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_powerpc.deb
      Size/MD5 checksum:  1418638 9394c10dff060a961329382c7a3433ad

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_s390.deb
      Size/MD5 checksum:  1574214 a21cbd59b1d36e14da777da012768f21
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_s390.deb
      Size/MD5 checksum:   300674 49a6af1c59fe07065267ebc5deecc8b8
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_s390.deb
      Size/MD5 checksum:   203854 077f9492da7509958c890e598edadf14
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_s390.deb
      Size/MD5 checksum:  1386518 d99962a50a8fafc9c509a67adb3399be

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_sparc.deb
      Size/MD5 checksum:  1582634 d0a792b3c2428ac28476799e888cef98
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_sparc.deb
      Size/MD5 checksum:   317982 936008ca75fecdec66519475f8466525
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_sparc.deb
      Size/MD5 checksum:   204626 2633099c059446cff5d41703718fb7bf
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_sparc.deb
      Size/MD5 checksum:  1388944 ede08f8bc62f1a5141a0bb2ed2ceea1d


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/+TD0W5ql+IAeqTIRAqbDAJ94AyY1dCtH0gsTSd+lPuuNsgsYnACdGQXl
ukugrDm00ja/05LtjROk2ys=
=4uYr
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--- End Message ---