lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JAD2a-0006Ry-2o@artemis.annvix.ca>
Date: Wed, 02 Jan 2008 16:30:28 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2008:1 ] - Updated wireshark packages fix multiple
 vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                           MDVSA-2008:1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : wireshark
 Date    : January 2, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities in the Wireshark program were found that
 could cause crashes, excessive looping, or arbitrary code execution.
 
 This update rovides Wireshark 0.99.7 which is not vulnerable to
 these issues.
 
 An updated version of libsmi is also being provided, not because
 of security issues, but because this version of wireshark uses it
 instead of net-snmp for SNMP support.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6438
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6439
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6441
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6450
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6451
 http://www.wireshark.org/security/wnpa-sec-2007-03.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 3b8e9077915d6d2b26334de8d2f845fe  2007.0/i586/libsmi-mibs-ext-0.4.5-2.2mdv2007.0.i586.rpm
 dbe6a64db1d2fccb573a3e3f67f973f8  2007.0/i586/libsmi-mibs-std-0.4.5-2.2mdv2007.0.i586.rpm
 87d655b543be31d5ae0f58a8dbf97027  2007.0/i586/libsmi2-0.4.5-2.2mdv2007.0.i586.rpm
 4ff75e902911eb3ff3fdf307220ca62d  2007.0/i586/libsmi2-devel-0.4.5-2.2mdv2007.0.i586.rpm
 49765d2627d5d361fea25034a7cffdb3  2007.0/i586/libwireshark0-0.99.7-0.1mdv2007.0.i586.rpm
 0a01841128e59b2f7d176294017c6763  2007.0/i586/smi-tools-0.4.5-2.2mdv2007.0.i586.rpm
 8aa19bb4d1e9117ca49513cc59029796  2007.0/i586/tshark-0.99.7-0.1mdv2007.0.i586.rpm
 3bc0b4bab65defa5bf6e35759031fcb7  2007.0/i586/wireshark-0.99.7-0.1mdv2007.0.i586.rpm
 c0c54d8444367c6183c62cece8cac049  2007.0/i586/wireshark-tools-0.99.7-0.1mdv2007.0.i586.rpm 
 7968c27be369f6b1f420fa24a4a515a1  2007.0/SRPMS/libsmi-0.4.5-2.2mdv2007.0.src.rpm
 93d4485e496435ada84767d57f7c1225  2007.0/SRPMS/wireshark-0.99.7-0.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 5f6ce5ab3aec1f5127103b072bd119f8  2007.0/x86_64/lib64smi2-0.4.5-2.2mdv2007.0.x86_64.rpm
 be3c430ecada008c60cf35e286825708  2007.0/x86_64/lib64smi2-devel-0.4.5-2.2mdv2007.0.x86_64.rpm
 c6fe3c1044e2dd49e6ba317ccb894584  2007.0/x86_64/lib64wireshark0-0.99.7-0.1mdv2007.0.x86_64.rpm
 9d8536864c09ad40dd4224fa3b0d574d  2007.0/x86_64/libsmi-mibs-ext-0.4.5-2.2mdv2007.0.x86_64.rpm
 6f038a40025193ca8051b0460fb7caa5  2007.0/x86_64/libsmi-mibs-std-0.4.5-2.2mdv2007.0.x86_64.rpm
 68369d61905e99fe3ccaf53f5e57bc8e  2007.0/x86_64/smi-tools-0.4.5-2.2mdv2007.0.x86_64.rpm
 c26ac8fc5775cd607c661690329ab1e1  2007.0/x86_64/tshark-0.99.7-0.1mdv2007.0.x86_64.rpm
 d459878bb96b1876b5bd6bb474e4a7ce  2007.0/x86_64/wireshark-0.99.7-0.1mdv2007.0.x86_64.rpm
 0f8cb96e05b83022fb31444bc01e08c3  2007.0/x86_64/wireshark-tools-0.99.7-0.1mdv2007.0.x86_64.rpm 
 7968c27be369f6b1f420fa24a4a515a1  2007.0/SRPMS/libsmi-0.4.5-2.2mdv2007.0.src.rpm
 93d4485e496435ada84767d57f7c1225  2007.0/SRPMS/wireshark-0.99.7-0.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 d4f8fcfde7e4a5f547282829163a6838  2007.1/i586/libsmi-mibs-ext-0.4.5-2.2mdv2007.1.i586.rpm
 be6c823a10d7dd7ea3b23da1606e30a7  2007.1/i586/libsmi-mibs-std-0.4.5-2.2mdv2007.1.i586.rpm
 ae2f88e691ebb0b376a136fa2f7a5949  2007.1/i586/libsmi2-0.4.5-2.2mdv2007.1.i586.rpm
 245b8d9a9b8f85437f8c4aebb81479c6  2007.1/i586/libsmi2-devel-0.4.5-2.2mdv2007.1.i586.rpm
 8fe776c3019f672043e5346fd4462995  2007.1/i586/libwireshark0-0.99.7-0.1mdv2007.1.i586.rpm
 42fb7f4c0baaed536c933adc1e4cb07c  2007.1/i586/smi-tools-0.4.5-2.2mdv2007.1.i586.rpm
 1fefa448daf9412b9475a1fcb908ddc4  2007.1/i586/tshark-0.99.7-0.1mdv2007.1.i586.rpm
 6df4f1564d1d20087b87ad12c2afc7d8  2007.1/i586/wireshark-0.99.7-0.1mdv2007.1.i586.rpm
 18263c6e83de541e5c241ee90e6c07d7  2007.1/i586/wireshark-tools-0.99.7-0.1mdv2007.1.i586.rpm 
 db3984a957602d0d4d92b3afb3a99d4e  2007.1/SRPMS/libsmi-0.4.5-2.2mdv2007.1.src.rpm
 ff37f6fc51d9f1fceb55e7cc993e7de5  2007.1/SRPMS/wireshark-0.99.7-0.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 33c0feb8826a285b520ec5779e94b193  2007.1/x86_64/lib64smi2-0.4.5-2.2mdv2007.1.x86_64.rpm
 27af7f9e7aa57ae63b4afc44c7cf5509  2007.1/x86_64/lib64smi2-devel-0.4.5-2.2mdv2007.1.x86_64.rpm
 49b666ff593a860f1930f66d1ce4defe  2007.1/x86_64/lib64wireshark0-0.99.7-0.1mdv2007.1.x86_64.rpm
 aee09168343a531052b148ee2b8cb612  2007.1/x86_64/libsmi-mibs-ext-0.4.5-2.2mdv2007.1.x86_64.rpm
 de9f9609eb2b1fa492179af10a4ae48b  2007.1/x86_64/libsmi-mibs-std-0.4.5-2.2mdv2007.1.x86_64.rpm
 d8e3b591abae976a1a0171824a36c906  2007.1/x86_64/smi-tools-0.4.5-2.2mdv2007.1.x86_64.rpm
 a26a60457e667e0bf28911bd17f9031f  2007.1/x86_64/tshark-0.99.7-0.1mdv2007.1.x86_64.rpm
 55a41bf37f237a77b6d700521222865a  2007.1/x86_64/wireshark-0.99.7-0.1mdv2007.1.x86_64.rpm
 1253938c2b8b83846fbcba775d1abfb6  2007.1/x86_64/wireshark-tools-0.99.7-0.1mdv2007.1.x86_64.rpm 
 db3984a957602d0d4d92b3afb3a99d4e  2007.1/SRPMS/libsmi-0.4.5-2.2mdv2007.1.src.rpm
 ff37f6fc51d9f1fceb55e7cc993e7de5  2007.1/SRPMS/wireshark-0.99.7-0.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 8ddec7918618ad0c05681c9e868d5749  2008.0/i586/libsmi-devel-0.4.5-2.1mdv2008.0.i586.rpm
 515291f1ea87bc98886232c88d8e77ac  2008.0/i586/libsmi-mibs-ext-0.4.5-2.1mdv2008.0.i586.rpm
 428ca0dd4c11b4a52e9b8b55c1226889  2008.0/i586/libsmi-mibs-std-0.4.5-2.1mdv2008.0.i586.rpm
 78d313e34cd392ad925c497d77703bd1  2008.0/i586/libsmi2-0.4.5-2.1mdv2008.0.i586.rpm
 e9d9a6560a9f35a325c45142c20d73a7  2008.0/i586/libwireshark-devel-0.99.7-0.1mdv2008.0.i586.rpm
 8cd27aef2b1d9a74125aa09a0fd67c62  2008.0/i586/libwireshark0-0.99.7-0.1mdv2008.0.i586.rpm
 03ec7ad86e36e72f5726ef3e61d0c966  2008.0/i586/smi-tools-0.4.5-2.1mdv2008.0.i586.rpm
 ddb7b8990649bc5dfb924ab138b5f166  2008.0/i586/tshark-0.99.7-0.1mdv2008.0.i586.rpm
 acd81887f0c6d376c5c27c25bd9ce573  2008.0/i586/wireshark-0.99.7-0.1mdv2008.0.i586.rpm
 42d89dc7de0b0d95de0b145348fbe434  2008.0/i586/wireshark-tools-0.99.7-0.1mdv2008.0.i586.rpm 
 1f6549a3de8de269542ed3136059de7d  2008.0/SRPMS/libsmi-0.4.5-2.1mdv2008.0.src.rpm
 7d2618f7919055f24c6a5a0a642c012c  2008.0/SRPMS/wireshark-0.99.7-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 422f39bcba64fdc3034d8ae4107d0c83  2008.0/x86_64/lib64smi-devel-0.4.5-2.1mdv2008.0.x86_64.rpm
 82cee9a6f246a30e3981639ad559ac99  2008.0/x86_64/lib64smi2-0.4.5-2.1mdv2008.0.x86_64.rpm
 e2750893002c9f30573bf9f13e208a24  2008.0/x86_64/lib64wireshark-devel-0.99.7-0.1mdv2008.0.x86_64.rpm
 053969419e2af559526b382f891d5b5e  2008.0/x86_64/lib64wireshark0-0.99.7-0.1mdv2008.0.x86_64.rpm
 9e52ac6e6da6ee73a9e5ee9713b93eac  2008.0/x86_64/libsmi-mibs-ext-0.4.5-2.1mdv2008.0.x86_64.rpm
 56dda40a8b674d50338c09895d5b0edb  2008.0/x86_64/libsmi-mibs-std-0.4.5-2.1mdv2008.0.x86_64.rpm
 d12810fb24e625beff6000b0eb11319f  2008.0/x86_64/smi-tools-0.4.5-2.1mdv2008.0.x86_64.rpm
 2a4d7a7174e29b939f7328b6c42b0cbe  2008.0/x86_64/tshark-0.99.7-0.1mdv2008.0.x86_64.rpm
 d9f0965ee9bd47c2a7e29d2adb7632ce  2008.0/x86_64/wireshark-0.99.7-0.1mdv2008.0.x86_64.rpm
 7045d748d1bff2cc6372efcc1fa8eee9  2008.0/x86_64/wireshark-tools-0.99.7-0.1mdv2008.0.x86_64.rpm 
 1f6549a3de8de269542ed3136059de7d  2008.0/SRPMS/libsmi-0.4.5-2.1mdv2008.0.src.rpm
 7d2618f7919055f24c6a5a0a642c012c  2008.0/SRPMS/wireshark-0.99.7-0.1mdv2008.0.src.rpm

 Corporate 4.0:
 3105c7480d1466787bab5c202a24c881  corporate/4.0/i586/libsmi-mibs-ext-0.4.5-2.2.20060mlcs4.i586.rpm
 6b1f79d9dcfede50a77833d7e27b2207  corporate/4.0/i586/libsmi-mibs-std-0.4.5-2.2.20060mlcs4.i586.rpm
 3a022e89d08142476e1dd697da40aefd  corporate/4.0/i586/libsmi2-0.4.5-2.2.20060mlcs4.i586.rpm
 ce253c3fd84efb95e9f80d91d2047ba3  corporate/4.0/i586/libsmi2-devel-0.4.5-2.2.20060mlcs4.i586.rpm
 cb1558626b02c7ac7a60f2470e22406f  corporate/4.0/i586/libwireshark0-0.99.7-0.1.20060mlcs4.i586.rpm
 ba73ddd29044d4d93cec49dcd737efae  corporate/4.0/i586/smi-tools-0.4.5-2.2.20060mlcs4.i586.rpm
 16fde2392ce2adf31a992010cbec390f  corporate/4.0/i586/tshark-0.99.7-0.1.20060mlcs4.i586.rpm
 f9eca8f2b302d3dbb8d7379d4038e910  corporate/4.0/i586/wireshark-0.99.7-0.1.20060mlcs4.i586.rpm
 71fe25c9a1bd3b9bdb0339c51aa9463c  corporate/4.0/i586/wireshark-tools-0.99.7-0.1.20060mlcs4.i586.rpm 
 a050e420402960d4ff2608487326bc31  corporate/4.0/SRPMS/libsmi-0.4.5-2.2.20060mlcs4.src.rpm
 5cce91e2cb4c0e330b7280131870640f  corporate/4.0/SRPMS/wireshark-0.99.7-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 22ae3adf154cd430b91c1883344df21d  corporate/4.0/x86_64/lib64smi2-0.4.5-2.2.20060mlcs4.x86_64.rpm
 fa4f2e5e8a8f4b055ba34ea3d6c33224  corporate/4.0/x86_64/lib64smi2-devel-0.4.5-2.2.20060mlcs4.x86_64.rpm
 1601e097303a14f2b9c36d13b6d8e785  corporate/4.0/x86_64/lib64wireshark0-0.99.7-0.1.20060mlcs4.x86_64.rpm
 c682b4bb19a9161ffe0d4520a091815e  corporate/4.0/x86_64/libsmi-mibs-ext-0.4.5-2.2.20060mlcs4.x86_64.rpm
 7605b1a4a0c911e4de3c5658e87bd2fd  corporate/4.0/x86_64/libsmi-mibs-std-0.4.5-2.2.20060mlcs4.x86_64.rpm
 1ffe2793d1ec3747e503caa0ae38faed  corporate/4.0/x86_64/smi-tools-0.4.5-2.2.20060mlcs4.x86_64.rpm
 6e405520c32127950447cf43c3399bf7  corporate/4.0/x86_64/tshark-0.99.7-0.1.20060mlcs4.x86_64.rpm
 3d5691445aabafc9b1871c0f46df4cb0  corporate/4.0/x86_64/wireshark-0.99.7-0.1.20060mlcs4.x86_64.rpm
 9509f638dbab7c4e5a89f356db1d49fc  corporate/4.0/x86_64/wireshark-tools-0.99.7-0.1.20060mlcs4.x86_64.rpm 
 a050e420402960d4ff2608487326bc31  corporate/4.0/SRPMS/libsmi-0.4.5-2.2.20060mlcs4.src.rpm
 5cce91e2cb4c0e330b7280131870640f  corporate/4.0/SRPMS/wireshark-0.99.7-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkd784IACgkQmqjQ0CJFipj6/wCeLFypfxZdEJROyKUw9KfwAflZ
feIAoJa2hM9XvT54eiCPdYwhA9KURMIy
=4Y2q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ