lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NXL0X-0001Ov-2M@titan.mandriva.com>
Date: Tue, 19 Jan 2010 21:49:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:016 ] wireshark


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:016
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : January 19, 2010
 Affected: 2010.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest 1.2.5 version, fixing
 several bugs and two security issues:
 - The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through
 1.2.4 allow remote attackers to cause a denial of service (crash)
 via a crafted packet (CVE-2009-4377)
 - Buffer overflow in the daintree_sna_read function in the Daintree SNA
 file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers
 to cause a denial of service (crash) and possibly execute arbitrary
 code via a crafted packet (CVE-2009-4376)
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 71fad681a10a98ad96748d56b43bd960  2010.0/i586/dumpcap-1.2.5-0.1mdv2010.0.i586.rpm
 43ffdef387c1fad7fbb160d2d889204c  2010.0/i586/libwireshark0-1.2.5-0.1mdv2010.0.i586.rpm
 5cfb711e7f8570d4c53a7e39d21493c9  2010.0/i586/libwireshark-devel-1.2.5-0.1mdv2010.0.i586.rpm
 855aaba96ae547f133accc19d28f4b2a  2010.0/i586/rawshark-1.2.5-0.1mdv2010.0.i586.rpm
 0ebac28e997e78c262a8db3697a23fde  2010.0/i586/tshark-1.2.5-0.1mdv2010.0.i586.rpm
 c2153b4b3464dd386893e6229d9c8f50  2010.0/i586/wireshark-1.2.5-0.1mdv2010.0.i586.rpm
 9f51d0e64efd305a6d467733a32aeec7  2010.0/i586/wireshark-tools-1.2.5-0.1mdv2010.0.i586.rpm 
 ee0acbe505f1858cb59910e31b7bf4c2  2010.0/SRPMS/wireshark-1.2.5-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 6e15d89640ea989bef2a24f0425b2a3c  2010.0/x86_64/dumpcap-1.2.5-0.1mdv2010.0.x86_64.rpm
 8e3b54a7a3d1e7d3b4adfdb70559c752  2010.0/x86_64/lib64wireshark0-1.2.5-0.1mdv2010.0.x86_64.rpm
 92d2201100d1287e6e9164c8359e7560  2010.0/x86_64/lib64wireshark-devel-1.2.5-0.1mdv2010.0.x86_64.rpm
 15700bec5593abcf433411681f550b04  2010.0/x86_64/rawshark-1.2.5-0.1mdv2010.0.x86_64.rpm
 d116da6fdb16399ed7fb2844d40a482b  2010.0/x86_64/tshark-1.2.5-0.1mdv2010.0.x86_64.rpm
 097559cc9433780f5ed4c7a59f60a48d  2010.0/x86_64/wireshark-1.2.5-0.1mdv2010.0.x86_64.rpm
 f33ba47217f3119efdd72bd45acbc2fa  2010.0/x86_64/wireshark-tools-1.2.5-0.1mdv2010.0.x86_64.rpm 
 ee0acbe505f1858cb59910e31b7bf4c2  2010.0/SRPMS/wireshark-1.2.5-0.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLVfA+mqjQ0CJFipgRAty7AJ98uQATqxPiIV6XZxridVVB2EXiaQCcCT6B
XzjQPq1qfm35N5YckR5xiis=
=U+on
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ