| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Mar 2014 18:09:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2014:050 ] wireshark -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:050 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : wireshark Date : March 10, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities was found and corrected in Wireshark: * The NFS dissector could crash. Discovered by Moshe Kaplan (CVE-2014-2281). * The RLC dissector could crash (CVE-2014-2283). * The MPEG file parser could overflow a buffer. Discovered by Wesley Neelen (CVE-2014-2299). This advisory provides the latest version of Wireshark (1.8.13) which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299 http://www.wireshark.org/security/wnpa-sec-2014-01.html http://www.wireshark.org/security/wnpa-sec-2014-03.html http://www.wireshark.org/security/wnpa-sec-2014-04.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 4f641d05af87e5a053edd599e23975c7 mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm b1a8a82298dd88bde7f9e41b1a73b47d mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm 896c658c6ddacc562a0d70366c64aefd mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm b3287396b309bd0ec077ec03647356ac mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm b05f181a687aee422bcc9d2a0dbedecc mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm a3c609066ee5c522f735160b791b3d1d mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm 8e3d5cddff1cf5b3de28e6fd6298a412 mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm 104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: bf3e734f58c22f4a7d4cb9a92c723e6b mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm f3f2f97f4a0dab273fe6821f9b3dcda2 mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm d7182aa64192b2b4856ce1deb25da35d mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm ce9a49108e3e37385b1ecd1aec0818b5 mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm 345d1066d8dda18a06b0f9b0f34b12ff mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm 49cf7c4dbec20d065ff535f5bc500d3b mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm 79c290d0a6934440a3989e696f6e3a2d mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm 104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 919616ad2d26713c2d0a4148d06cc671 mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm 32bc98bd5e9d2e19043d77ba944413fb mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm e966a54884894738c89859f3768aed5c mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm b96bbb6c34d1bf867e7409392b82817a mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm a803b639bdf2ffa9d905bae772d19498 mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm ba694e53492db08cb4db43ae181b519f mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm c24508e134fd8be7216f4a165dc3f71c mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm bc9586d2a42a3b7f52a02843905c7f59 mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTHcXMmqjQ0CJFipgRApA3AJ9dlqu6qQiutinpvBDtprtQHoIKIQCeM396 03x4Ft2ynLHpeO4UFnID4QM= =F8Lb -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists