Hi Frederic,

On Sat, May 07, 2005 at 12:17:10PM -0400, Frederic Peters wrote:
> Format: 1.7
> Date: Sat, 7 May 2005 17:52:48 +0200
> Source: ethereal
> Binary: ethereal ethereal-dev tethereal ethereal-common
> Architecture: source i386
> Version: 0.10.10-2sarge1
> Distribution: testing-proposed-updates
> Urgency: high
> Maintainer: Frederic Peters <fpeters@debian.org>
> Changed-By: Frederic Peters <fpeters@debian.org>
> Description:
>  ethereal - network traffic analyzer
>  ethereal-common - network traffic analyser (common files)
>  ethereal-dev - network traffic analyser (development tools)
>  tethereal - network traffic analyzer (console)
> Changes:
>  ethereal (0.10.10-2sarge1) testing-proposed-updates; urgency=high
>  .
>    * Updated dissectors with upstream (0.10.11) security fixes:
>      * denial of service (abort) in DHCP and Telnet dissectors (CAN-2005-1456)
>      * denial of service (crash) in AIM, LDAP, FibreChannel, GSM_MAP, SRVLOC
>        and NTLMSSP dissectors (CAN-2005-1457)
>      * problems (unknown) in KINK dissector (CAN-2005-1458)
>      * denial of service (assert) in WSP, BER, SMB, NDPS, IAX2, RADIUS, TCAP,
>        MRDISC, 802.3 Slow, SMBMailslot and SMB PIPE dissectors (CAN-2005-1459)
>      * denial of service (assert) in misc dissectors (CAN-2005-1460)
>      * buffer overflows in SIP, CMIP, CMP, CMS, CRMF, ESS, OCSP, X.509, ISIS,
>        DISTCC, FCELS, Q.931, NCP, TCAP, ISUP, MEGACO, PKIX1Explitit,
>        PKIX_Qualified and Presentation dissectors (CAN-2005-1461)
>      * double free in ICEP dissector (CAN-2005-1462)
>      * format string vulnerabities in DHCP and ANSI A dissectors
>        (CAN-2005-1463)
>      * infinite loop in KINK, L2TP, MGCP, EIGRP, DLSw, MEGACO, LMP and RSVP
>        dissectors (CAN-2005-1464)
>      * long loop in NSP dissector (CAN-2005-1465)
>      * large memory allocation in DICOM dissector (CAN-2005-1466)
>      * memory exhaustion in NDPS dissector (CAN-2005-1467)
>      * NULL dereference in WSP, Q.931, H.245, KINK, MGCP, RPC, SMBMailslot and
>        SMB NETLOGON dissectors (CAN-2005-1468)
>      * invalid pointer in GSM dissector (CAN-2005-1469)
>      * segmentation fault in TZSP, MGCP, ISUP, SMB and Bittorrent dissectors
>        (CAN-2005-1470)

The changelog claims to fix infinite loop problems with the DLSw dissector
and a double-free in the ICEP dissector, but here is the entire diff for
those two source files:

diff -u ethereal-0.10.10/epan/dissectors/packet-dlsw.c ethereal-0.10.10/epan/dissectors/packet-dlsw.c --- ethereal-0.10.10/epan/dissectors/packet-dlsw.c +++ ethereal-0.10.10/epan/dissectors/packet-dlsw.c @@ -2,7 +2,7 @@ * Routines for DLSw packet dissection (Data Link Switching) * Copyright 2001, Paul Ionescu <paul@acorp.ro> * - * $Id: packet-dlsw.c 13019 2005-01-13 17:26:10Z guy $ + * $Id: packet-dlsw.c 14178 2005-04-24 01:15:53Z gerald $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> diff -u ethereal-0.10.10/epan/dissectors/packet-icep.c ethereal-0.10.10/epan/dissectors/packet-icep.c --- ethereal-0.10.10/epan/dissectors/packet-icep.c +++ ethereal-0.10.10/epan/dissectors/packet-icep.c 
@@ -3,7 +3,7 @@ * Copyright 2004 _FF_ * Francesco Fondelli <fondelli dot francesco, tiscali dot it> * - * $Id: packet-icep.c 12223 2004-10-06 17:37:47Z guy $ + * $Id: packet-icep.c 14176 2005-04-24 00:36:11Z gerald $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com>

Does this mean these problems were actually fixed in -2, where they are also
mentioned in the changelog (without the CVE #)?

Also, there are changes to packet-bacnet.c, packet-cdp.c, packet-chdlc.c,
packet-dcm.c, packet-gsm_a.c, packet-gssapi.c, packet-h245.c,
packet-kerberos.c, packet-q931.c, packet-slowprotocols.c, packet-spnego.c
that don't seem to correspond to anything in the changelog. Can you explain?

The files packet-dcerpc.c, packet-rsvp.c, packet-acse.c, and packet-mgcp.c
also contain at least some changes that appear to be unrelated to the
security fixes, but are instead protocol dissection enhancements. I'm really
not keen on allowing such changes in via t-p-u.

Thanks,
-- 
Steve Langasek
postmodern programmer
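
Review bot: the packet-dlsw.c hunk touches only the $Id$ line in the file header (revision 13019 to 14178), so nothing in it removes a loop, and the changelog entry listing DLSw under the infinite-loop fixes for CAN-2005-1464 is not backed by this diff. If the code fix went in with an earlier upload, the changelog should say so and name that version; otherwise the dissector change is missing here and needs to be added before the CVE is listed as fixed.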
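
Review bot: the packet-icep.c hunk changes only the $Id$ header line (12223 to 14176) and no allocation or free path, so the double-free fix claimed for CAN-2005-1462 cannot be verified from it. A keyword-only bump is also noise in a testing-proposed-updates diff; suggest dropping the $Id$ churn from the patch so that every remaining hunk maps onto a changelog entry.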