lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WN3hE-0002o2-EL@titan.mandriva.com>
Date: Mon, 10 Mar 2014 18:09:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:050 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:050
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was found and corrected in Wireshark:
 
 * The NFS dissector could crash. Discovered by Moshe Kaplan
 (CVE-2014-2281).
 
 * The RLC dissector could crash (CVE-2014-2283).
 
 * The MPEG file parser could overflow a buffer. Discovered by Wesley
 Neelen (CVE-2014-2299).
 
 This advisory provides the latest version of Wireshark (1.8.13)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
 http://www.wireshark.org/security/wnpa-sec-2014-01.html
 http://www.wireshark.org/security/wnpa-sec-2014-03.html
 http://www.wireshark.org/security/wnpa-sec-2014-04.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 4f641d05af87e5a053edd599e23975c7  mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm
 b1a8a82298dd88bde7f9e41b1a73b47d  mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm
 896c658c6ddacc562a0d70366c64aefd  mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm
 b3287396b309bd0ec077ec03647356ac  mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm
 b05f181a687aee422bcc9d2a0dbedecc  mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm
 a3c609066ee5c522f735160b791b3d1d  mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm
 8e3d5cddff1cf5b3de28e6fd6298a412  mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm 
 104a5965c230eba36b23945ea4d378e6  mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bf3e734f58c22f4a7d4cb9a92c723e6b  mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm
 f3f2f97f4a0dab273fe6821f9b3dcda2  mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm
 d7182aa64192b2b4856ce1deb25da35d  mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm
 ce9a49108e3e37385b1ecd1aec0818b5  mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 345d1066d8dda18a06b0f9b0f34b12ff  mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 49cf7c4dbec20d065ff535f5bc500d3b  mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 79c290d0a6934440a3989e696f6e3a2d  mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm 
 104a5965c230eba36b23945ea4d378e6  mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 919616ad2d26713c2d0a4148d06cc671  mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm
 32bc98bd5e9d2e19043d77ba944413fb  mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm
 e966a54884894738c89859f3768aed5c  mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm
 b96bbb6c34d1bf867e7409392b82817a  mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm
 a803b639bdf2ffa9d905bae772d19498  mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm
 ba694e53492db08cb4db43ae181b519f  mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm
 c24508e134fd8be7216f4a165dc3f71c  mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm 
 bc9586d2a42a3b7f52a02843905c7f59  mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTHcXMmqjQ0CJFipgRApA3AJ9dlqu6qQiutinpvBDtprtQHoIKIQCeM396
03x4Ft2ynLHpeO4UFnID4QM=
=F8Lb
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ