lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1QRlSq-0004oz-GV@titan.mandriva.com>
Date: Wed, 01 Jun 2011 15:28:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:105 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:105
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : June 1, 2011
 Affected: 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest version (1.2.17),
 fixing several security issues:
 
 * Large/infinite loop in the DICOM dissector. (Bug 5876) Versions
 affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 
 * Huzaifa Sidhpurwala of the Red Hat Security Response Team
 discovered that a corrupted Diameter dictionary file could crash
 Wireshark. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 
 * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
 that a corrupted snoop file could crash Wireshark. (Bug 5912) Versions
 affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 
 * David Maciejak of Fortinet&#039;s FortiGuard Labs discovered that
 malformed compressed capture data could crash Wireshark. (Bug 5908)
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 
 * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
 that a corrupted Visual Networks file could crash Wireshark. (Bug 5934)
 Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
 _______________________________________________________________________

 References:

 http://www.wireshark.org/security/wnpa-sec-2011-07.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 bf11862659afce8761a4d58ee546d1b9  2010.1/i586/dumpcap-1.2.17-0.1mdv2010.2.i586.rpm
 0da0281f3c736de4929a053d5d92d1a7  2010.1/i586/libwireshark0-1.2.17-0.1mdv2010.2.i586.rpm
 b6e97b06fd0ac0e7384d6aab97e5cc50  2010.1/i586/libwireshark-devel-1.2.17-0.1mdv2010.2.i586.rpm
 5cd0f0029fb4431c51ed8cd9207075ee  2010.1/i586/rawshark-1.2.17-0.1mdv2010.2.i586.rpm
 43b1ee7fec3df0d6063d2f2e875a3ba1  2010.1/i586/tshark-1.2.17-0.1mdv2010.2.i586.rpm
 fa313ad7a730edd4440c7a5d61cb3aa3  2010.1/i586/wireshark-1.2.17-0.1mdv2010.2.i586.rpm
 a61c1457627b7371c3c7693dce1ebb6d  2010.1/i586/wireshark-tools-1.2.17-0.1mdv2010.2.i586.rpm 
 0dd2c106f7747527cab50ccb820e3005  2010.1/SRPMS/wireshark-1.2.17-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 125bf4d3c37ff2fd06ca3116d1a06448  2010.1/x86_64/dumpcap-1.2.17-0.1mdv2010.2.x86_64.rpm
 2e80800ec2d5a221bcc6a1beffa99605  2010.1/x86_64/lib64wireshark0-1.2.17-0.1mdv2010.2.x86_64.rpm
 d05b01efa7eceb47c4dc9655a4108790  2010.1/x86_64/lib64wireshark-devel-1.2.17-0.1mdv2010.2.x86_64.rpm
 13ff82aeeed568b1e58884b965d4dd2b  2010.1/x86_64/rawshark-1.2.17-0.1mdv2010.2.x86_64.rpm
 fbbbcbcdfd4f98893c6a49f03d9990f7  2010.1/x86_64/tshark-1.2.17-0.1mdv2010.2.x86_64.rpm
 d5e412a56fbbb8d8d456ab06408587a7  2010.1/x86_64/wireshark-1.2.17-0.1mdv2010.2.x86_64.rpm
 adf06e2c47c991886b674a9b300c83c6  2010.1/x86_64/wireshark-tools-1.2.17-0.1mdv2010.2.x86_64.rpm 
 0dd2c106f7747527cab50ccb820e3005  2010.1/SRPMS/wireshark-1.2.17-0.1mdv2010.2.src.rpm

 Corporate 4.0:
 642f57dfe04fbe995e2dc3764305ac48  corporate/4.0/i586/dumpcap-1.2.17-0.1.20060mlcs4.i586.rpm
 6a32aebf65252655762e4b276765435e  corporate/4.0/i586/libwireshark0-1.2.17-0.1.20060mlcs4.i586.rpm
 d3170e8152da4c8911e4a997f68434e6  corporate/4.0/i586/libwireshark-devel-1.2.17-0.1.20060mlcs4.i586.rpm
 a352fd66d6778a139e6ba01723fed2fd  corporate/4.0/i586/rawshark-1.2.17-0.1.20060mlcs4.i586.rpm
 db3c0befa16510f4cb4ecb1420a6d261  corporate/4.0/i586/tshark-1.2.17-0.1.20060mlcs4.i586.rpm
 c558f334fa91cef5b92c8de899a138f0  corporate/4.0/i586/wireshark-1.2.17-0.1.20060mlcs4.i586.rpm
 60f329a78d00c9c22cbb3b1bf7464ba4  corporate/4.0/i586/wireshark-tools-1.2.17-0.1.20060mlcs4.i586.rpm 
 45b07dac18687757472e952371f0c7a5  corporate/4.0/SRPMS/wireshark-1.2.17-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b6c85c2f78b59e35e0a07d040fe9ab2e  corporate/4.0/x86_64/dumpcap-1.2.17-0.1.20060mlcs4.x86_64.rpm
 f7947f2f688a2989edee5202ed7edb4c  corporate/4.0/x86_64/lib64wireshark0-1.2.17-0.1.20060mlcs4.x86_64.rpm
 1d3938c349d356b719b1461340744a07  corporate/4.0/x86_64/lib64wireshark-devel-1.2.17-0.1.20060mlcs4.x86_64.rpm
 615e1104bb0cc89494cd018802c8db99  corporate/4.0/x86_64/rawshark-1.2.17-0.1.20060mlcs4.x86_64.rpm
 759e77482159d94b723f2e3cdcad3987  corporate/4.0/x86_64/tshark-1.2.17-0.1.20060mlcs4.x86_64.rpm
 20bc7d7883ec6ad04661540aac91750b  corporate/4.0/x86_64/wireshark-1.2.17-0.1.20060mlcs4.x86_64.rpm
 7552340c66ecaf4ca3c343efd2687844  corporate/4.0/x86_64/wireshark-tools-1.2.17-0.1.20060mlcs4.x86_64.rpm 
 45b07dac18687757472e952371f0c7a5  corporate/4.0/SRPMS/wireshark-1.2.17-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 aaa5c6d5fc4d2c95ac4195e47d33fafa  mes5/i586/dumpcap-1.2.17-0.1mdvmes5.2.i586.rpm
 6d58055269e6092d0a5686a4a8c42ac3  mes5/i586/libwireshark0-1.2.17-0.1mdvmes5.2.i586.rpm
 a3cb3bb89e80fe29c790f6e8b063b131  mes5/i586/libwireshark-devel-1.2.17-0.1mdvmes5.2.i586.rpm
 79fa5c8f2a5eb746b1187c65cbae4e40  mes5/i586/rawshark-1.2.17-0.1mdvmes5.2.i586.rpm
 e100f6d645ab73a1fc5a9deb84606698  mes5/i586/tshark-1.2.17-0.1mdvmes5.2.i586.rpm
 4b04325c54878e19f1f4c72311560034  mes5/i586/wireshark-1.2.17-0.1mdvmes5.2.i586.rpm
 5527a82f63a08dd5c975155e1fedd338  mes5/i586/wireshark-tools-1.2.17-0.1mdvmes5.2.i586.rpm 
 55e251303583720d3cb1017a6ee760cb  mes5/SRPMS/wireshark-1.2.17-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 cfb3fce8ca61979a2a6460ae5bb1e0fa  mes5/x86_64/dumpcap-1.2.17-0.1mdvmes5.2.x86_64.rpm
 a0143cf4fd861df6d0e48f64fde3b624  mes5/x86_64/lib64wireshark0-1.2.17-0.1mdvmes5.2.x86_64.rpm
 06d2eabbcefdc213ca49eea94861384f  mes5/x86_64/lib64wireshark-devel-1.2.17-0.1mdvmes5.2.x86_64.rpm
 e280f7279b408002816ac4a4cc5011db  mes5/x86_64/rawshark-1.2.17-0.1mdvmes5.2.x86_64.rpm
 9268040d3f61500dda520eab5ac49fd6  mes5/x86_64/tshark-1.2.17-0.1mdvmes5.2.x86_64.rpm
 9277a5ee2abdb2382e123269f7ea2688  mes5/x86_64/wireshark-1.2.17-0.1mdvmes5.2.x86_64.rpm
 e9d8581141921e54a69932192f96b817  mes5/x86_64/wireshark-tools-1.2.17-0.1mdvmes5.2.x86_64.rpm 
 55e251303583720d3cb1017a6ee760cb  mes5/SRPMS/wireshark-1.2.17-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN5hCamqjQ0CJFipgRAtWMAKC7lUm7KIzYoaUyDLAldfYfMgyPAACg2atx
qx2ViMyJnyfW7cy9RohtHzE=
=IUCE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ