Ubuntu
ettercap package

ettercap security vulnerabilities

Bug #1695722 reported by Gianfranco Costamagna
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ettercap (Ubuntu)
Fix Released
Undecided
Emily Ratliff

Bug Description

CVE-2017-6430
CVE-2017-8366

CVE References

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Emily Ratliff (emilyr)
Changed in ettercap (Ubuntu):
assignee: nobody → Emily Ratliff (emilyr)
status: New → In Progress
Revision history for this message
Emily Ratliff (emilyr) wrote :

Thanks for providing the debdiffs and helping make Ubuntu better, LocutusOfBorg! In addition to fixing the CVEs, these debdiffs enable ASAN (see buildlog [0]) which is not recommended for production use (see [1]). Would you be able to provide an updated debdiff which omits this portion of the patch?

[0] https://launchpadlibrarian.net/322651071/buildlog_ubuntu-trusty-amd64.ettercap_1%3A0.8.0-11ubuntu0.2_BUILDING.txt.gz
[1] http://www.openwall.com/lists/oss-security/2016/02/17/9

Changed in ettercap (Ubuntu):
status: In Progress → Incomplete
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

new version

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Changed in ettercap (Ubuntu):
status: Incomplete → New
Emily Ratliff (emilyr)
Changed in ettercap (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ettercap - 1:0.8.2-4ubuntu1.17.04.1

---------------
ettercap (1:0.8.2-4ubuntu1.17.04.1) zesty-security; urgency=medium

  * SECURITY UPDATE (LP: #1695722):
  * debian/patches/803.patch:
    - fix buffer overflow/underflow with bad filters (Closes: #861604).
      CVE-2017-8366 (Buffer overflow/underflow issue)
  - CVE-2017-8366

 -- Gianfranco Costamagna <email address hidden> Sun, 04 Jun 2017 12:33:30 +0200

Changed in ettercap (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ettercap - 1:0.8.2-2ubuntu1.16.10.1

---------------
ettercap (1:0.8.2-2ubuntu1.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE (LP: #1695722):
  * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
    - upstream fix fox CVE-2017-6430 (Closes: #857035)
      (crash fix when a corrupted filter is used)
  * debian/patches/803.patch:
    - fix buffer overflow/underflow with bad filters (Closes: #861604).
      CVE-2017-8366 (Buffer overflow/underflow issue)
  - CVE-2017-6430
  - CVE-2017-8366

 -- Gianfranco Costamagna <email address hidden> Sun, 04 Jun 2017 12:33:30 +0200

Changed in ettercap (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ettercap - 1:0.8.0-11ubuntu0.3

---------------
ettercap (1:0.8.0-11ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE (LP: #1695722):
  * debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
    - upstream fix fox CVE-2017-6430 (Closes: #857035)
      (crash fix when a corrupted filter is used)
  * debian/patches/803.patch:
    - fix buffer overflow/underflow with bad filters (Closes: #861604).
      CVE-2017-8366 (Buffer overflow/underflow issue)
  - CVE-2017-6430
  - CVE-2017-8366

 -- Gianfranco Costamagna <email address hidden> Sun, 04 Jun 2017 12:50:30 +0200

Changed in ettercap (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.