lp:ubuntu/gutsy-security/wireshark

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/wireshark

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

18. By Stefan Lesicnik

* SECURITY UPDATE: The dissect_btacl function in packet-bthci_acl.c in the
  Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote
  attackers to cause a denial of service (application crash or abort) via
  a packet with an invalid length, related to an erroneous tvb_memcpy call.
  (LP #290716)
  - debian/patches/33_CVE-2008-4683.dpatch - buffer check to prevent
    overflow - Jeff Morris.
  - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
  - Revision: 25195
  - Included patch not listed by CVE to prevent memory overflow in
    bluetooth dissector - Jeff Morris.
  - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
  - Revision: 25196
  - CVE-2008-4683
* SECURITY UPDATE: packet-frame in Wireshark 0.99.2 through 1.0.3 does not
  properly handle exceptions thrown by post dissectors, which allows
  remote attackers to cause a denial of service (application crash) via
  a certain series of packets, as demonstrated by enabling the (1) PRP
  or (2) MATE post dissector. (LP #290716)
  - debian/patches/34_CVE-2008-4684.dpatch - Catch errors given
    post dissectors - Jeff Morris, wmeier
  - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
  - Revision: 25339, 25342, 25344
  - CVE-2008-4684
* SECURITY UPDATE: Use-after-free vulnerability in the dissect_q931_cause_ie
  function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3
  through 1.0.3 allows remote attackers to cause a denial of service (application
  crash or abort) via certain packets that trigger an exception. (LP #290716)
  - debian/patches/35_CVE-2008-4685.dpatch - Wrap dissect_q931_cause_ie() in
    which clears the have_valid_q931_pi semaphore - Jaap Keuter.
  - Cherrypicked from http://anonsvn.wireshark.org/wireshark/trunk
  - Included as was detected as vulnerable even though CVE says otherwise.
  - Revision: 26190
  - CVE-2008-4685

17. By Emanuele Gentili

* SECURITY UPDATE: (LP: #172283)
 + CVE-2007-6438
  - Vulnerability in the SMB dissector in Wireshark 0.99.6 allows remote
    attackers to cause a denial of service via unknown vectors.
 + CVE-2007-6539
  - Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause
    a denial of service (infinite or large loop) via the (1) IPv6 or (2)
    USB dissector, which can trigger resource consumption or a crash.
 + CVE-2007-6441
  - The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows
    remote attackers to cause a denial of service (crash) via unknown
    vectors related to "unaligned access on some platforms."
 + CVE-2007-6450
  - The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6
    allows remote attackers to cause a denial of service (infinite loop)
    via unknown vectors.
 + CVE-2007-6451
  - Vulnerability in the CIP dissector in Wireshark (formerly Ethereal)
    0.9.14 to 0.99.6 allows remote attackers to cause a denial of service
    (crash) via unknown vectors that trigger allocation of large amounts
    of memory.
 + CVE-2008-1070
  - The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through
    0.99.7 allows remote attackers to cause a denial of service (crash)
    via a malformed packet.
 + CVE-2008-1071
  - The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through
    0.99.7 allows remote attackers to cause a denial of service (crash)
    via a malformed packet. (not vulnerable in Gutsy)
 + CVE-2008-1072
  - The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through
    0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause
    a denial of service (crash or memory consumption) via a malformed
    packet, possibly related to a Cairo library bug.

 + debian/patches/13_CVE-2007-6438.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-smb.c?r1=23412&r2=23593&pathrev=23593
 + debian/patches/13_CVE-2007-6439.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-ipv6.c?r1=23412&r2=23593&pathrev=23593
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-usb.c?r1=23412&r2=23593&pathrev=23593
 + debian/patches/13_CVE-2007-6441.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/plugins/
    wimax/wimax_bits.h?r1=23412&r2=23787&pathrev=23555
 + debian/patches/13_CVE-2007-6450.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-rpl.c?r1=23412&r2=23687&pathrev=23687
 + debian/patches/13_CVE-2007-6451.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-cip.c?r1=23412&r2=12070&pathrev=12070
 + debian/patches/14_CVE-2008-1070.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-sctp.c?r1=24295&r2=24471&pathrev=24563
 + debian/patches/14_CVE-2008-1072.dpatch
  - Applied patch by upstream
  - http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/epan/
    dissectors/packet-tftp.c?r1=23412&r2=23962&pathrev=23962

* References
 + http://www.wireshark.org/security/wnpa-sec-2007-03.html
  - CVE-2007-6438
  - CVE-2007-6439
  - CVE-2007-6441
  - CVE-2007-6450
  - CVE-2007-6451
 + http://www.wireshark.org/security/wnpa-sec-2008-01.html
  - CVE-2008-1070
  - CVE-2008-1071 (not vulnerable in gutsy and not patched.)
  - CVE-2008-1072

16. By Stephan Rügamer

* SECURITY UPDATE: (LP: #164501)
  + CVE-2007-6121: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows
    remote attackers to cause a denial of service (crash) via a malformed RPC
    Portmap packet.
  + CVE-2007-6120: The Bluetooth SDP dissector in Wireshark (formerly Ethereal)
    0.99.2 to 0.99.6 allows remote attackers to cause a denial of service
    (infinite loop) via unknown vectors.
  + CVE-2007-6117: Unspecified vulnerability in the HTTP dissector for
    Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote
    attack vectors related to chunked messages.
  + CVE-2007-6114: Multiple buffer overflows in Wireshark (formerly
    Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of
    service (crash) and possibly execute arbitrary code via (1) the SSL dissector
    or (2) the iSeries (OS/400) Communication trace file parser.
  + CVE-2007-6113: Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows
    remote attackers to cause a denial of service (long loop) via a malformed DNP
    packet.
  + CVE-2007-6119: The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6
    allows remote attackers to cause a denial of service (long loop and
    resource consumption) via unknown vectors.
  + CVE-2007-6118: The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to
    0.99.6 allows remote attackers to cause a denial of service (long loop and
    resource consumption) via unknown vectors.
  + CVE-2007-6116: The Firebird/Interbase dissector in Wireshark (formerly Ethereal)
    0.99.6 allows remote attackers to cause a denial of service (infinite loop
    or crash) via unknown vectors.
  + CVE-2007-6115: Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal)
    0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause
    a denial of service and possibly execute arbitrary code via unknown vectors.
  + CVE-2007-6112: Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6
    allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
    code via unknown vectors.
  + CVE-2007-6111: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow
    remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or
    (2) unspecified vectors to the NCP dissector.
* debian/patches/13_CVE-2007-6121.dpatch:
  - Applied patch by upstream
  - Link: http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1132
* debian/patches/13_CVE-2007-6120.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-btsdp.c?r1=21431&r2=23496&view=patch
* debian/patches/13_CVE-2007-6117.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-http.c?r1=22515&r2=23415&view=patch
* debian/patches/13_CVE-2007-6114.dpatch:
  - Applied patch by upstream
  - Link 1: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ssl-utils.h?r1=21445&r2=22883&view=patch
  - Link 2: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ssl.c?r1=22625&r2=22883&view=patch
  - Link 3: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/wiretap/iseries.c?r1=23000&r2=23232&view=patch
* debian/patches/13_CVE-2007-6113.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-dnp.c?r1=22764&r2=22811&view=patch
* debian/patches/13_CVE-2007-6119.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-dcp-etsi.c?r1=22542&r2=23463&view=patch
* debian/patches/13_CVE-2007-6118.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-megaco.c?r1=23150&r2=23449&view=patch
* debian/patches/13_CVE-2007-6116.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-gdsdb.c?r1=23211&r2=23251&view=patch
* debian/patches/13_CVE-2007-6115.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ansi_map.c?r1=22866&r2=22892&view=patch
* debian/patches/13_CVE-2007-6112.dpatch:
  - Applied patch by upstream
  - Link: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ppp.c?r1=23252&r2=23475&view=patch
* debian/patches/13_CVE-2007-6111.dpatch:
  - Applied patch by upstream
  - Link 1: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/wiretap/mpeg.c?r1=21489&r2=22261
  - Link 2: http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-ncp.c?r1=21167&r2=23252&view=patch
* debian/control:
  - Updated Maintainer field following Ubuntu Maintainer Policy
* References:
  CVE-2007-6121
  CVE-2007-6120
  CVE-2007-6117
  CVE-2007-6114
  CVE-2007-6113
  CVE-2007-6119
  CVE-2007-6118
  CVE-2007-6116
  CVE-2007-6115
  CVE-2007-6112
  CVE-2007-6111
  http://www.wireshark.org/security/wnpa-sec-2007-03.html

15. By Frederic Peters <email address hidden>

debian/rules: added check for wireshark-dev headers (closes: #436247 )

14. By Frederic Peters <email address hidden>

* New upstream pre-release, with security fixes:
  * could crash when dissecting an HTTP chunked response
  * could crash while reading iSeries capture files
  * could exhaust system memory while reading a malformed DCP ETSI packet
  * could loop excessively while reading a malformed SSL packet
  * DHCP/BOOTP dissector was susceptible to an off-by-one error
  * could loop excessively while reading a malformed MMS packet
* debian/control: added libkrb5-dev to build-deps so Kerberos support is
  built.
* debian/control: replaced {Source-Version} with appropriate {binary:Version}
* debian/wireshark-dev.header-files: use wildcards to get all headers
  (closes: #423000)
* debian/patches/14_disable-cmip.dpatch: disable CMIP dissector which
  doesn't build at the moment.
* debian/rules: don't ignore all errors on make distclean

13. By Frederic Peters <email address hidden>

* New upstream release.
* debian/patches/09_idl2wrs.dpatch: updated to patch idl2wrs.sh.in.

12. By Frederic Peters <email address hidden>

debian/patches/10_wireshark_gen.dpatch: removed as it is no longer
necessary. (closes: #412963)

11. By Frederic Peters <email address hidden>

debian/patches/00list: really include backported security fixes, stupid me.

10. By Frederic Peters <email address hidden>

* Backported security fixes from 0.99.5pre1
  * The TCP dissector could hang or crash while reassembling HTTP packets.
  * The HTTP dissector could crash.
  * On some systems, the IEEE 802.11 dissector could crash.
  * On some systems, the LLT dissector could crash.

9. By Michael Bienia

* Merge from Debian unstable. Remaining changes:
  - Python 2.4 transition.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/wireshark