CPNI - Centre for the Protection of National Infrastructure


December 2005

Two Debian Security Advisories: 1. DSA 919-1 - curl 2. DSA 920-1 - ethereal

ID: 01093
Ref: 1025/2005
Date: 14 December 2005:13:40:14
Version: 1

Title: Two Debian Security Advisories: 1. DSA 919-1 - curl 2. DSA 920-1 - ethereal
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian

Title
=====

Two Debian Security Advisories:

1. DSA 919-1 - curl

2. DSA 920-1 - ethereal

Detail
======

1. Several problems were discovered in libcurl, a multi-protocol file
transfer library.

2. A buffer overflow has been discovered in ethereal, a commonly used
network traffic analyser, that causes a denial of service and may
potentially allow the execution of arbitrary code.



1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 919-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 12th, 2005                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : curl
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4077 CVE-2005-3185
BugTraq ID : 15756 15102 15647
Debian Bug : 342339 342696

Several problems were discovered in libcurl, a multi-protocol file
transfer library. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2005-3185

A buffer overflow has been discovered in libcurl that could allow
the execution of arbitrary code.

CVE-2005-4077

Stefan Esser discovered several off-by-one errors that allow
local users to trigger a buffer overflow and cause a denial of
service or bypass PHP security restrictions via certain URLs.

For the old stable distribution (woody) these problems have been fixed in
version 7.9.5-1woody1.

For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge4. This update also includes a bugfix against
data corruption.

For the unstable distribution (sid) these problems have been fixed in
version 7.15.1-1.

We recommend that you upgrade your libcurl packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------



Debian GNU/Linux 3.1 alias sarge
--------------------------------



These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD4DBQFDnXUzW5ql+IAeqTIRAmxbAJji1JPfzDpUQi+smmNU5/TsirpDAJ40kBPm
yi4IyEbiGOj4PQSTFUBrog==
=w5uH
- -----END PGP SIGNATURE-----
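
Added example (not part of the Debian advisories or of CPNI's text): a check of whether an installed package version is at or above the fixed version that DSA 919-1 above and DSA 920-1 below state for each distribution. The comparison is a Python re-implementation of Debian's version ordering rules (on a Debian host, `dpkg --compare-versions` does the same job); the names FIXED, compare_versions and is_patched and the inventory rows are hypothetical, constructed for illustration.

```python
DIGITS = "0123456789"
LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Fixed versions as stated in the text of the two advisories. ethereal has no
# "sid" entry because DSA 920-1 only says the problem "will be fixed soon".
FIXED = {
    "curl": {"woody": "7.9.5-1woody1", "sarge": "7.13.2-2sarge4", "sid": "7.15.1-1"},
    "ethereal": {"woody": "0.9.4-1woody14", "sarge": "0.10.10-2sarge3"},
}


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if sep and epoch and all(c in DIGITS for c in epoch):
        epoch_num = int(epoch)
    else:
        epoch_num, rest = 0, version          # no epoch means epoch 0
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                               # no hyphen means no revision
        upstream, revision = rest, ""
    return epoch_num, upstream, revision


def _order(s, k):
    """Sort weight of s[k] in a non-digit run: '~' first, then end of string
    and digits, then letters, then every other character."""
    if k >= len(s) or s[k] in DIGITS:
        return 0
    if s[k] == "~":
        return -1
    return ord(s[k]) if s[k] in LETTERS else ord(s[k]) + 256


def _compare_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # 1) Non-digit run, compared character by character with _order().
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            oa, ob = _order(a, i), _order(b, j)
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        # 2) Digit run, compared as integers (an empty run counts as 0).
        start_i, start_j = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[start_i:i] or "0"), int(b[start_j:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    epoch_a, upstream_a, revision_a = split_version(a)
    epoch_b, upstream_b, revision_b = split_version(b)
    if epoch_a != epoch_b:
        return -1 if epoch_a < epoch_b else 1
    return _compare_part(upstream_a, upstream_b) or _compare_part(revision_a, revision_b)


def is_patched(package, release, installed):
    """True if installed >= the advisory's fixed version, False if older,
    None if the advisories name no fixed version for that package/release."""
    fixed = FIXED.get(package, {}).get(release)
    if fixed is None:
        return None
    return compare_versions(installed, fixed) >= 0


if __name__ == "__main__":
    # Constructed inventory rows: (host, package, release, installed version).
    inventory = [
        ("web01", "curl", "sarge", "7.13.2-2sarge3"),
        ("web02", "curl", "sarge", "7.13.2-2sarge4"),
        ("mon01", "ethereal", "woody", "0.9.4-1woody9"),
        ("dev01", "ethereal", "sid", "0.10.13-1"),
    ]
    labels = {True: "patched", False: "VULNERABLE", None: "no fixed version stated"}
    for host, package, release, installed in inventory:
        print(host, package, installed, labels[is_patched(package, release, installed)])
```

A plain string comparison gets these cases wrong: "0.9.4-1woody14" sorts before "0.9.4-1woody9" as text, although it is the newer package.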


2.

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 920-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 13th, 2005                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : ethereal
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3651
BugTraq ID : 15794
Debian Bug : 342911

A buffer overflow has been discovered in ethereal, a commonly used
network traffic analyser, that causes a denial of service and may
potentially allow the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 0.9.4-1woody14.

For the stable distribution (sarge) this problem has been fixed in
version 0.10.10-2sarge3.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your ethereal packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------



Debian GNU/Linux 3.1 alias sarge
--------------------------------

Size/MD5 checksum: 4458954 3f85051d87e652474f35c93df894668d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_mipsel.deb
Size/MD5 checksum: 153896 6b4fa165eb5fc6c85ea5443f9cc8627c
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_mipsel.deb
Size/MD5 checksum: 93596 f3fbc2765b9eef5589ae8b67b3fc507b

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_powerpc.deb
Size/MD5 checksum: 454624 ac160f2dfaf9480ec2ddb284b16969b2
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_powerpc.deb
Size/MD5 checksum: 5069322 b505bbd6c34a9fc83d3ab34161751b89
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_powerpc.deb
Size/MD5 checksum: 153888 0ac314e84694a76fd5475f8318c0bd0c
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_powerpc.deb
Size/MD5 checksum: 93460 89763605c5fc59034a6b3b4399920a51

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_s390.deb
Size/MD5 checksum: 478832 f58c4f3e2f5f185cb40818aad6bcba76
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_s390.deb
Size/MD5 checksum: 5620232 a8ad7eceaa81bbacbd70a3f4d2201edf
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_s390.deb
Size/MD5 checksum: 153878 837cf0ef9571ee6abdeb382d54412d90
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_s390.deb
Size/MD5 checksum: 98982 e5bad7bb8bf3964b47b41ec84b62e342

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_sparc.deb
Size/MD5 checksum: 464160 3e21acc4249b2032b1d7ed474486189e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_sparc.deb
Size/MD5 checksum: 5127616 f418acff6a83220d1b3ba544856b60ed
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_sparc.deb
Size/MD5 checksum: 153870 e45257dbd6a4799b26be761fcc79e835
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_sparc.deb
Size/MD5 checksum: 92840 aa61f8545872884a69df77aa3a8e35d6


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDnrrHW5ql+IAeqTIRAuDBAJ9+6Ablhq7itE0PpFPhF7yEToauXwCdGb8B
aQX5QDtvXo6ILXx8K38wlnM=
=P8ZB
- -----END PGP SIGNATURE-----