[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NXL0X-0001Ov-2M@titan.mandriva.com>
Date: Tue, 19 Jan 2010 21:49:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:016 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:016
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : January 19, 2010
Affected: 2010.0
_______________________________________________________________________
Problem Description:
This advisory updates wireshark to the latest 1.2.5 version, fixing
several bugs and two security issues:
- The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through
1.2.4 allow remote attackers to cause a denial of service (crash)
via a crafted packet (CVE-2009-4377)
- Buffer overflow in the daintree_sna_read function in the Daintree SNA
file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via a crafted packet (CVE-2009-4376)
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
71fad681a10a98ad96748d56b43bd960 2010.0/i586/dumpcap-1.2.5-0.1mdv2010.0.i586.rpm
43ffdef387c1fad7fbb160d2d889204c 2010.0/i586/libwireshark0-1.2.5-0.1mdv2010.0.i586.rpm
5cfb711e7f8570d4c53a7e39d21493c9 2010.0/i586/libwireshark-devel-1.2.5-0.1mdv2010.0.i586.rpm
855aaba96ae547f133accc19d28f4b2a 2010.0/i586/rawshark-1.2.5-0.1mdv2010.0.i586.rpm
0ebac28e997e78c262a8db3697a23fde 2010.0/i586/tshark-1.2.5-0.1mdv2010.0.i586.rpm
c2153b4b3464dd386893e6229d9c8f50 2010.0/i586/wireshark-1.2.5-0.1mdv2010.0.i586.rpm
9f51d0e64efd305a6d467733a32aeec7 2010.0/i586/wireshark-tools-1.2.5-0.1mdv2010.0.i586.rpm
ee0acbe505f1858cb59910e31b7bf4c2 2010.0/SRPMS/wireshark-1.2.5-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
6e15d89640ea989bef2a24f0425b2a3c 2010.0/x86_64/dumpcap-1.2.5-0.1mdv2010.0.x86_64.rpm
8e3b54a7a3d1e7d3b4adfdb70559c752 2010.0/x86_64/lib64wireshark0-1.2.5-0.1mdv2010.0.x86_64.rpm
92d2201100d1287e6e9164c8359e7560 2010.0/x86_64/lib64wireshark-devel-1.2.5-0.1mdv2010.0.x86_64.rpm
15700bec5593abcf433411681f550b04 2010.0/x86_64/rawshark-1.2.5-0.1mdv2010.0.x86_64.rpm
d116da6fdb16399ed7fb2844d40a482b 2010.0/x86_64/tshark-1.2.5-0.1mdv2010.0.x86_64.rpm
097559cc9433780f5ed4c7a59f60a48d 2010.0/x86_64/wireshark-1.2.5-0.1mdv2010.0.x86_64.rpm
f33ba47217f3119efdd72bd45acbc2fa 2010.0/x86_64/wireshark-tools-1.2.5-0.1mdv2010.0.x86_64.rpm
ee0acbe505f1858cb59910e31b7bf4c2 2010.0/SRPMS/wireshark-1.2.5-0.1mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLVfA+mqjQ0CJFipgRAty7AJ98uQATqxPiIV6XZxridVVB2EXiaQCcCT6B
XzjQPq1qfm35N5YckR5xiis=
=U+on
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists