---------------------------------------------------------------------- Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Debian update for ndiswrapper SECUNIA ADVISORY ID: SA34134 VERIFY ADVISORY: http://secunia.com/advisories/34134/ DESCRIPTION: Debian has issued an update for ndiswrapper. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in the ndiswrapper kernel driver when processing wireless network packets. This can be exploited to cause a buffer overflow via an overly long ESSID (Extended Service Set Identifier). SOLUTION: Apply updated packages. -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28-1+etch1.diff.gz Size/MD5 checksum: 8480 5f89b53c0adefd6c3a894ea0f35f8d25 http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28.orig.tar.gz Size/MD5 checksum: 187576 c7655d7e85df7d724be4c0ae973d957e http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28-1+etch1.dsc Size/MD5 checksum: 723 b38be610377feff2433069addb88bb7b Architecture independent packages: http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-common_1.28-1+etch1_all.deb Size/MD5 checksum: 16556 335ac5bfd0898d13d2467005a68b1a03 http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-source_1.28-1+etch1_all.deb Size/MD5 checksum: 150532 7a09fe7069f263df9c659f519a5e5a2e amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.28-1+etch1_amd64.deb Size/MD5 checksum: 30402 3316cdad5626350a07a09830b29cb55a i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.28-1+etch1_i386.deb Size/MD5 checksum: 30414 464e12e2751d26e6e0d810d608fde8d9 -- Debian GNU/Linux unstable alias sid -- Fixed in version 1.53-2. ORIGINAL ADVISORY: DSA-1731-1: http://lists.debian.org/debian-security-announce/2009/msg00041.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------