|
Everything related to Computer Security - Security Audits, Security Vulnerabilities, Intrusion Detection, Incident Handling, Forensics and Investigation, Information Security Policies, and a whole lot more.
Tuesday, August 31, 2010
Get more in-store! Clearance event at The Shack
Ajaye Shah invites you to join Ecademy
Hi, Join Ecademy now for business networking and support > - Share Knowledge - Build your Network - Grow your Business thanks, Ajaye Shah ajayeshah@gmail.com | |
This email was sent to security.world@gmail.com To avoid receiving these emails in the future send an email from that address to invite-unsubscribe@ecademy.com or go to http://www.ecademy.com/blockinvites.php?e=security.world@gmail.com Email:support@ecademy.com The Ecademy Limited. Registered in England and Wales. Company Registration: 3651083 VAT: 718 0377 36 |
[SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2101-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : wireshark
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2994 CVE-2010-2995
Several implementation errors in the dissector of the Wireshark network
traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal
Decompressor Virtual Machine may lead to the execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1.0.2-3+lenny10.
For the unstable distribution (sid), these problems have been fixed in
version 1.2.10-1.
We recommend that you upgrade your wireshark packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.diff.gz
Size/MD5 checksum: 119766 5a4194b36f275740420e6976a3cf4801
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.dsc
Size/MD5 checksum: 1506 8c8b1b6eb5746bb12f3a31606279d2a4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 12098048 c6037e2144a2b606c89666a38bba255d
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 127062 0ed9502cbcfafb5f40092dfb85bd1452
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 731182 7d68066a76be15c23097c467591a71d7
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 570002 ef363dd7b6e59f55ac352dd7f476271f
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 659672 93affb6b939d97543c0a2ee094eb7bcf
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 11867538 e26471505e2511c44915167d9df30b2c
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 119270 3507f87aae6c6eb333f5d6675557ffea
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 568816 5c2bde00638f8be32513abe1c9b861f9
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 10214680 bc5423c9321f4790707c2be839f48029
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 111310 3c7a4f2daba42dec5e4e5b0cad3c8ba4
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 614450 ba489525ee84174cf3e9fb7a40f89d14
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 584538 1a02fc4e91ce9d386bb8ed1e7902c280
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 620126 27ace8479a33a8d685f019fa563d3afa
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 10219808 ef603f9abcd981feb550a6f328592eba
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 586342 7929f0643a92cb084568da2e32ada209
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 113602 e459df96b13b2321ea4ac2b7ca055a55
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 121180 7cc1f3a0fe508449031c851142b5c4d3
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 13271640 6bbfc0d14d3bb8c46b35a40523139c5f
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 584306 c77db073cd347903377d301d656ec3b6
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 694870 5c35736053a02a728cc9263cea544118
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 583572 3c416afdc0bed67389798748ac82dab1
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 619668 b279bae201515f07f50b789fe9208ee3
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 111708 bd19cc8a584292771ce8b37a934b6759
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 10109862 4a6846b885178fd578ecc6dc3b284172
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 568824 dabad8c92b646ce5bdf5ac4369593b1a
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 154666 185f3441d66fcf3ce9c781dc061e4961
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 931572 a74e996b87300057ef62722bdccf072c
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 13684804 ec46eeb74513b1c42288f0c186313505
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 10424544 8f76ad6d63aecdb627850b2729655b3e
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 636682 909599c2175d06ba483baac5fbef9715
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 113264 333e8a51080d13136689b9786e4d0061
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 585810 921806111c71ed490ff18e05ef5383c7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 113454 9602da05aa4bc7a22432bcd720660cc0
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 570006 1e8cb3f56fa73956d52268d237c15baf
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 627162 2ef6443e548130d6d7f3e7bdf0176b6a
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 9729736 fa8030ec05b4e395f0ba3c90ee670e46
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 582794 f2e0c6a4336e42c023c4f1db3dc00dd8
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 677742 0dda6ce349cf9e844e7ba074765ab682
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 11220016 5e5f2754bef30795bdab7486c5dd8a72
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 122572 ac15689cd78a06ac3472760c10a253af
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 12488184 b916661193fbbdef2e6838f5e144e0c4
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 122150 fa1d1a623a2cd95b2d59f5d910226086
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 569966 9c91e4417d2860da5e9903410f92d775
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 671588 c2f017d2cb7bdd3a8c7c5f85aef2df6f
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 11287328 d4bb52efa605646c1c207565c9c1eb77
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 583744 803661967720b8f8d048844afef3a6b3
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 113520 0f733a8ef1549c573cf4055ee37e1842
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 629600 f7ed1aa09cb192c7d8f844cfc7fae2bc
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkx9c8QACgkQXm3vHE4uylrESACfTJUNw4OFiIQV7Iaw4pwS/fQa
S7IAn1YBxtdVgDDmJi/ufNW05qKFhQsn
=iB+3
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20100831212844.GA3798@galadriel.inutil.org
Cisco patches bug that crashed 1 percent of Internet
Internet Speeds Vary by City -- Why? | Back-to-school tech bargains: Week 4 | ||||||||||
Network World Daily News PM | ||||||||||
Cisco patches bug that crashed 1 percent of Internet WHITE PAPER: Compuware Insights to Application Performance Management Pressure to ensure superior application performance has never been greater. This Network World guide provides insight on APM best practices with articles on meeting the needs of mobile workers, Web applications' unique demands and integrating applications residing in the cloud. . Read now In this Issue
WHITE PAPER: ArcSight Building a Successful Security Operations Center This paper outlines industry best practices for building and maturing a security operations center (SOC). For those organizations planning to build a SOC or those organizations hoping to improve their existing SOC this paper will outline the typical mission parameters, the business case, people considerations, processes and procedures, as well as, the technology involved. Building a Successful Security Operations Center Internet Speeds Vary by City -- Why? Back-to-school tech bargains: Week 4 3D, tablets galore expected at consumer electronics show Join Network World's group on LinkedIn WHITE PAPER: Red Hat Planning Guide: SAP to Red Hat Migration Lower costs and improve performance migrating SAP to Red Hat Enterprise Linux. Download this guide today and discover how you can perform a basic installation and migration in less than 1 day. Examine pre- and post-migration considerations and other upfront planning topics to help avoid potential problems. Read more Trend Micro brings encryption to the cloud RSA Security Extends Compliance to Virtualization Have we reached a tipping point for cloud-based VoIP? VMware aims to displace Windows with cloud-based desktop apps WHITE PAPER: Blue Coat Systems Delivering Faster Applications to Any User, Anywhere This guide looks at the specific issues behind application performance problems and how to resolve them within a WAN Optimization environment. Read More Google to roll out e-mail prioritizing feature in Gmail Hyper-V eating VMware's lunc -- er, snack Comcast and NBC - No Merger, No Way NASA helps two commercial spacecraft blast off | ||||||||||
Join us on LinkedIn Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today! SLIDESHOWS Are you the corporate geezer? The hottest virtualization products at VMworld MOST-READ STORIES
| ||||||||||
Do You Tweet? You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Privacy Policy To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** |
Develop an Effective Encryption Strategy
Encryption Key Recovery is a Fact of Encryption Usage. Learn more>>
Encryption Deep Dive Secure Cryptography for Enterprise Computing
Modern encryption systems are complex. This InfoWorld guide cuts through the jargon and examines:
Protecting data at rest and in transit
Proving data integrity and authentication
Encryption and decryption
Cipher keys
Weaknesses of cryptographic systems
Asymmetric public key encryption
Thank you,
InfoWorld
Storage Efficiency Innovation Without Compromise
How to store the maximum amount of data for lowest possible cost.
Read Now.
Sign up for InfoWorld Alerts, and receive customized information on topics including Security, Virtualization, Green IT, Networking, and many more!
SUBSCRIPTION SERVICES - You are currently subscribed as security.world@gmail.com. If you do not wish to receive future mailings from InfoWorld Online Resources, need to change your email or other preference, please visit: http://optouts.newsletters.infoworld.com/index.html?dept_id=2&emid=pyKllpH2BklbiwYMiAs0tyXjVZiIkK3IkTINkLYjHcM%3d
If the above URL is not enabled as a link, please copy it in to your browser window to access our Subscription Page.
View InfoWorld's online privacy policy .
Copyright 2010 | InfoWorld | 501 Second St | San Francisco CA 94107 | www.infoworld.com
firewall-wizards Digest, Vol 52, Issue 8
firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: In search of Firewalls KPIs (pkc_mls)
2. UPnP part of attack surface
(travis+ml-firewalls@subspacefield.org)
----------------------------------------------------------------------
Message: 1
Date: Mon, 30 Aug 2010 14:33:28 +0200
From: pkc_mls <pkc_mls@yahoo.Fr>
Subject: Re: [fw-wiz] In search of Firewalls KPIs
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4C7BA518.1020302@yahoo.Fr>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Le 8/12/2010 11:07 PM, saumitra prabhudesai a ?crit :
> Hi All,
>
Hi,
> I am in search of the essential KPIs to be monitored for Juniper
> Netscreen Firewalls. After the identification of these KPIs, I want to
> go ahead for capacity planning & performance optimization of these
> firewalls. Any piece of advise will help!
>
> Thanks,
> Saumitra
>
>
Can you please describe a little bit more what you plan to do, which
models are involved, which scenarios, etc ?
The KPI are the same for several firewall vendors : cpu, memory, number
of sessions, throughput, etc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20100830/f19c07b4/attachment-0001.html>
------------------------------
Message: 2
Date: Wed, 25 Aug 2010 08:06:37 -0700
From: travis+ml-firewalls@subspacefield.org
Subject: [fw-wiz] UPnP part of attack surface
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <20100825150637.GN30704@subspacefield.org>
Content-Type: text/plain; charset="us-ascii"
http://it.slashdot.org/it/08/01/14/1319256.shtml
One reason I'm interested in an authenticated way to do firewall
rule changes with DFD...
--
It asked me for my race, so I wrote in "human". -- The Beastie Boys
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john@subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20100825/9705916d/attachment-0001.pgp>
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 52, Issue 8
***********************************************
Burning Man's open source cell phone system could help save the world
The hottest virtualization products at VMworld | VMware disses bare-metal desktop hypervisors | ||||||||||
Network World Daily News AM | ||||||||||
Burning Man's open source cell phone system could help save the world RESOURCE COMPLIMENTS OF: Cisco Cisco Data Center Architecture Event Join us Sept. 14, 2010, 9-10 a.m. PT for this online event to learn how Cisco's new architectural vision for the data center helps companies evolve their data center and cloud computing needs to easily respond and adapt to the changing needs of the dynamic networked organization. Register now. In this Issue
RESOURCE COMPLIMENTS OF: DEMO Conference Winner Major advances in understanding emotions conveyed by voice DEMO Conference $1M Media Prize winner- eXaudios MagInify decodes people's emotions in realtime as they speak. Watch their DEMO Spring 2010 product launch at http://www.demo.com/dswinner Click to continue The hottest virtualization products at VMworld VMware disses bare-metal desktop hypervisors Why Cisco Wants to Purchase Skype WHITE PAPER: Xerox Cutting through complexity at Reuters Reuters, the world's largest news agency, implemented managed print services that reduced the total cost of their printer fleet by up to 19% per year while increasing user satisfaction and productivity. Read Now. Hurricane Earl may test IT teleworkers Scam preys on required TweetDeck update VMware positions Java for the cloud WHITE PAPER: F5 Networks 7 Key Challenges You Can't Ignore While virtualization infrastructure platforms provide considerable advantages, VMs also add complexity. By planning for your migration, and recognizing the challenges, you can seamlessly optimize your virtual network and storage environment. Read Now! Google disputes bug patching report Ruby on Rails 3.0 now available Microsoft to build giant data center in Virginia Forces behind electric vehicles revving their engines | ||||||||||
Join us on LinkedIn Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today! SLIDESHOWS Cloud storage lives up to the hype Wireless networks and mobility quiz MOST-READ STORIES
| ||||||||||
Do You Tweet? You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com. Unsubscribe from this newsletter | Manage your subscriptions | Privacy Policy To contact Network World, please send an e-mail to customer_service@nww.com. Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701 ** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. ** |