Bulletin d'alerte Debian
DSA-853-1 ethereal -- Plusieurs vulnérabilités
- Date du rapport :
- 9 octobre 2005
- Paquets concernés :
- ethereal
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le dictionnaire CVE du Mitre : CVE-2005-2360, CVE-2005-2361, CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, CVE-2005-2367.
- Plus de précisions :
-
Plusieurs problèmes de sécurité ont été découverts dans ethereal, un analyseur de trafic réseau couramment utilisé. Le projet « Common Vulnerabilities and Exposures » a identifié les problèmes suivants :
- CAN-2005-2360
Des erreurs d'allocation de mémoire dans l'extracteur LDAP pouvaient provoquer un déni de service.
- CAN-2005-2361
Diverses erreurs dans les extracteurs AgentX, PER, DOCSIS, RADIUS, Telnet, IS-IS, HTTP, DCERPC, DHCP et SCTP pouvaient provoquer un déni de service.
- CAN-2005-2363
Diverses erreurs dans les extracteurs SMPP, 802.3, H1 et DHCP pouvaient provoquer un déni de service.
- CAN-2005-2364
Des déréférencements de pointeurs nuls dans les extracteurs WBXML et GIOP pouvaient provoquer un déni de service.
- CAN-2005-2365
Un dépassement de tampon et des déréférencements de pointeurs nuls dans l'extracteur SMB pouvaient provoquer un déni de service.
- CAN-2005-2366
Un mauvais calcul d'adresse dans l'extracteur BER pouvait provoquer une boucle infinie ou un abandon.
- CAN-2005-2367
Des vulnérabilités sur le format des chaînes de caractères dans plusieurs extracteurs permettaient aux attaquants distants d'ecrire dans des espaces mémoire arbitraires et ainsi de disposer de plus de droits.
Pour l'ancienne distribution stable (Woody), ces problèmes ont été corrigés dans la version 0.9.4-1woody13.
Pour l'actuelle distribution stable (Sarge), ces problèmes ont été corrigés dans la version 0.10.10-2sarge3.
Pour la distribution instable (Sid), ces problèmes ont été corrigés dans la version 0.10.12-2.
Nous vous recommandons de mettre à jour vos paquets ethereal.
- CAN-2005-2360
- Corrigé dans :
-
Debian GNU/Linux 3.0 (woody)
- Source :
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.dsc
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.diff.gz
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Source :
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.dsc
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.diff.gz
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.