[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OMiwG-0004tP-ML@titan.mandriva.com>
Date: Thu, 10 Jun 2010 16:41:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:113 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:113
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : June 10, 2010
Affected: 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
This advisory updates wireshark to the latest version(s), fixing
several security issues:
* The SMB dissector could dereference a NULL pointer. (Bug 4734)
* J. Oquendo discovered that the ASN.1 BER dissector could overrun
the stack.
* The SMB PIPE dissector could dereference a NULL pointer on some
platforms.
* The SigComp Universal Decompressor Virtual Machine could go into
an infinite loop. (Bug 4826)
* The SigComp Universal Decompressor Virtual Machine could overrun
a buffer. (Bug 4837)
_______________________________________________________________________
References:
http://www.wireshark.org/security/wnpa-sec-2010-06.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
0149a3fead677c67a65d689ca5d14003 2009.1/i586/dumpcap-1.0.14-0.1mdv2009.1.i586.rpm
11cc457d2403d1528a21ffe5b9ac7262 2009.1/i586/libwireshark0-1.0.14-0.1mdv2009.1.i586.rpm
f21953c954858ae6a42ac17c2652cfd3 2009.1/i586/libwireshark-devel-1.0.14-0.1mdv2009.1.i586.rpm
9ce458c253544e9db459e47031d0fc14 2009.1/i586/rawshark-1.0.14-0.1mdv2009.1.i586.rpm
ec86335e22ee4131f3309c9ac7f89179 2009.1/i586/tshark-1.0.14-0.1mdv2009.1.i586.rpm
51d99d113f714d520a6822e40bd404b1 2009.1/i586/wireshark-1.0.14-0.1mdv2009.1.i586.rpm
7cce0b057fe2ddba39322a6c8e921021 2009.1/i586/wireshark-tools-1.0.14-0.1mdv2009.1.i586.rpm
3e445d801ec43cec961207ed015ab18b 2009.1/SRPMS/wireshark-1.0.14-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
8c62a4b0639d0410f8a7ba0eb570aba9 2009.1/x86_64/dumpcap-1.0.14-0.1mdv2009.1.x86_64.rpm
4c3e4e1ac92419e056e0d7c17388c7a5 2009.1/x86_64/lib64wireshark0-1.0.14-0.1mdv2009.1.x86_64.rpm
22142ce9111218ac0a2e8e8a349c777d 2009.1/x86_64/lib64wireshark-devel-1.0.14-0.1mdv2009.1.x86_64.rpm
8ae04d4331132c1d7760191a74554097 2009.1/x86_64/rawshark-1.0.14-0.1mdv2009.1.x86_64.rpm
31ccfda4a4876616f0060d138c3bf792 2009.1/x86_64/tshark-1.0.14-0.1mdv2009.1.x86_64.rpm
2009a55c6de17a76bac77527df496805 2009.1/x86_64/wireshark-1.0.14-0.1mdv2009.1.x86_64.rpm
ed9dc6458f9a2d420c09f2ae60d94305 2009.1/x86_64/wireshark-tools-1.0.14-0.1mdv2009.1.x86_64.rpm
3e445d801ec43cec961207ed015ab18b 2009.1/SRPMS/wireshark-1.0.14-0.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
957483b67e3a59c962f68682681a9353 2010.0/i586/dumpcap-1.2.9-0.1mdv2010.0.i586.rpm
307f4c51e60f12266a6249847eb3084c 2010.0/i586/libwireshark0-1.2.9-0.1mdv2010.0.i586.rpm
783bb6328cddb6d67ca78903de21fd78 2010.0/i586/libwireshark-devel-1.2.9-0.1mdv2010.0.i586.rpm
e8263e71c5535834050e2545fda00269 2010.0/i586/rawshark-1.2.9-0.1mdv2010.0.i586.rpm
8fd5540508424a4efb961846fc6effcf 2010.0/i586/tshark-1.2.9-0.1mdv2010.0.i586.rpm
24d88246de24678efe207b514dc921c0 2010.0/i586/wireshark-1.2.9-0.1mdv2010.0.i586.rpm
eed336910fa875e328b4bae15e393c6d 2010.0/i586/wireshark-tools-1.2.9-0.1mdv2010.0.i586.rpm
ff08f1c116a92a85482d9a7add3048c2 2010.0/SRPMS/wireshark-1.2.9-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
e0a17c636356a9e98712844f1cbfc1d4 2010.0/x86_64/dumpcap-1.2.9-0.1mdv2010.0.x86_64.rpm
b4b393e753cb7faa7d0772e04f491635 2010.0/x86_64/lib64wireshark0-1.2.9-0.1mdv2010.0.x86_64.rpm
76a874fa3d61dc9b1f02e8bb5f8a3b37 2010.0/x86_64/lib64wireshark-devel-1.2.9-0.1mdv2010.0.x86_64.rpm
9e55b4d27b3c9ec612118f444c0d466c 2010.0/x86_64/rawshark-1.2.9-0.1mdv2010.0.x86_64.rpm
30b3f61b36ca7f5b3a3609097eb8243b 2010.0/x86_64/tshark-1.2.9-0.1mdv2010.0.x86_64.rpm
bac14f9558cd32fe67ad9e02c1d7f028 2010.0/x86_64/wireshark-1.2.9-0.1mdv2010.0.x86_64.rpm
29e8a3388febbd18408582d1c36bb461 2010.0/x86_64/wireshark-tools-1.2.9-0.1mdv2010.0.x86_64.rpm
ff08f1c116a92a85482d9a7add3048c2 2010.0/SRPMS/wireshark-1.2.9-0.1mdv2010.0.src.rpm
Corporate 4.0:
6dae354dc5bfb616c8e1b934ed7916a2 corporate/4.0/i586/dumpcap-1.0.14-0.1.20060mlcs4.i586.rpm
ebc9b7995eda40b26ba9e3b3ba961ebc corporate/4.0/i586/libwireshark0-1.0.14-0.1.20060mlcs4.i586.rpm
74f01e8e41aadfa90c2f07780d113a9d corporate/4.0/i586/libwireshark-devel-1.0.14-0.1.20060mlcs4.i586.rpm
0865efb6c3ec94de7a15f4ad1a16d16c corporate/4.0/i586/rawshark-1.0.14-0.1.20060mlcs4.i586.rpm
f48013915dbb1876ca6853d5ababc3b0 corporate/4.0/i586/tshark-1.0.14-0.1.20060mlcs4.i586.rpm
4527afe77f80cf422ff2afad2af160df corporate/4.0/i586/wireshark-1.0.14-0.1.20060mlcs4.i586.rpm
7e9363e0291f06f2b7026b1cf686e8fb corporate/4.0/i586/wireshark-tools-1.0.14-0.1.20060mlcs4.i586.rpm
0d0b4bb69b5c512396237d9c2afd5e27 corporate/4.0/SRPMS/wireshark-1.0.14-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ec6ca062956bc7cd85ed63b3126edd75 corporate/4.0/x86_64/dumpcap-1.0.14-0.1.20060mlcs4.x86_64.rpm
b028dba7a3521d06c5e14968ab098cfe corporate/4.0/x86_64/lib64wireshark0-1.0.14-0.1.20060mlcs4.x86_64.rpm
9e2269ede036edfba058b6ab2f2fe909 corporate/4.0/x86_64/lib64wireshark-devel-1.0.14-0.1.20060mlcs4.x86_64.rpm
bc8ac5e38124410faa899547174caebe corporate/4.0/x86_64/rawshark-1.0.14-0.1.20060mlcs4.x86_64.rpm
4375ffc2e790ff1d8ac65ca1e665eb63 corporate/4.0/x86_64/tshark-1.0.14-0.1.20060mlcs4.x86_64.rpm
32e8318c947e41fced9cdeb5b593abbc corporate/4.0/x86_64/wireshark-1.0.14-0.1.20060mlcs4.x86_64.rpm
60721e6895f05f681157f3626449f978 corporate/4.0/x86_64/wireshark-tools-1.0.14-0.1.20060mlcs4.x86_64.rpm
0d0b4bb69b5c512396237d9c2afd5e27 corporate/4.0/SRPMS/wireshark-1.0.14-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
354ff88c7ea4fd41dbb9b8f35a841cbe mes5/i586/dumpcap-1.0.14-0.1mdvmes5.1.i586.rpm
19947807a4e394037b3ad41157ef9350 mes5/i586/libwireshark0-1.0.14-0.1mdvmes5.1.i586.rpm
aa0f85a08dc07104b19661d08d0016f6 mes5/i586/libwireshark-devel-1.0.14-0.1mdvmes5.1.i586.rpm
212b31fd0717217ae7490d5180e34ab7 mes5/i586/rawshark-1.0.14-0.1mdvmes5.1.i586.rpm
2bebf9603cda2d2c6e44f6f40f7bf5ae mes5/i586/tshark-1.0.14-0.1mdvmes5.1.i586.rpm
6b64f12e9746bc3c88215dfecf5eb9d1 mes5/i586/wireshark-1.0.14-0.1mdvmes5.1.i586.rpm
75aabd5c46660d4d2cd6f3fe57534dd9 mes5/i586/wireshark-tools-1.0.14-0.1mdvmes5.1.i586.rpm
81416ee15a5923e20aee9e523532b858 mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
ec16a7c441c94c2e4586debf7ff75abf mes5/x86_64/dumpcap-1.0.14-0.1mdvmes5.1.x86_64.rpm
0438953d4c51ec7305260dfe8ac0ad6f mes5/x86_64/lib64wireshark0-1.0.14-0.1mdvmes5.1.x86_64.rpm
3db1be26ffecf9ea0d3cb7f367bc98da mes5/x86_64/lib64wireshark-devel-1.0.14-0.1mdvmes5.1.x86_64.rpm
63fdc2852f2000a22616da7775fbb6b3 mes5/x86_64/rawshark-1.0.14-0.1mdvmes5.1.x86_64.rpm
379fff2c113e2a4625b4765b1f81fe82 mes5/x86_64/tshark-1.0.14-0.1mdvmes5.1.x86_64.rpm
33e8bea5e675c4ecc2f141812773048a mes5/x86_64/wireshark-1.0.14-0.1mdvmes5.1.x86_64.rpm
34cd72cad36e3fae9fcf3006cf19c22d mes5/x86_64/wireshark-tools-1.0.14-0.1mdvmes5.1.x86_64.rpm
81416ee15a5923e20aee9e523532b858 mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMEO/VmqjQ0CJFipgRAlOZAKCba74KIgu9DrU/RJ5cQcon7ZToagCg9oFU
21Eb/3qaIyEdQG3lXWrKMpg=
=4Cqr
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists