lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MxOMQ-0005NI-02@titan.mandriva.com>
Date: Mon, 12 Oct 2009 19:07:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:270 ] wireshark


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:270
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : October 12, 2009
 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in wireshark:
 
 Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark
 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers
 to cause a denial of service (memory and CPU consumption) via malformed
 OPCUA Service CallRequest packets (CVE-2009-3241).
 
 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3241
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 2bde688e3de981ae3180da4f05f5e860  2009.0/i586/dumpcap-1.0.8-3.3mdv2009.0.i586.rpm
 8216fb437b04046ad2b78c6a8ddebdce  2009.0/i586/libwireshark0-1.0.8-3.3mdv2009.0.i586.rpm
 282063c02297a2a70be4fd87b69762c0  2009.0/i586/libwireshark-devel-1.0.8-3.3mdv2009.0.i586.rpm
 93b7d86a3f5e45c8bbe0ecd349c97bde  2009.0/i586/rawshark-1.0.8-3.3mdv2009.0.i586.rpm
 f4f449adb85ac8bfc32ace580857a6ea  2009.0/i586/tshark-1.0.8-3.3mdv2009.0.i586.rpm
 8716922a83cd417e9b7b2ce883ca884c  2009.0/i586/wireshark-1.0.8-3.3mdv2009.0.i586.rpm
 08268e3ffdd712e455683461c7824932  2009.0/i586/wireshark-tools-1.0.8-3.3mdv2009.0.i586.rpm 
 557f530edfefccd6c86722471a420157  2009.0/SRPMS/wireshark-1.0.8-3.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 351498c928631fca8b4a17e2cda0e9e4  2009.0/x86_64/dumpcap-1.0.8-3.3mdv2009.0.x86_64.rpm
 031e245b10fbceb7b0c31a6655f6e865  2009.0/x86_64/lib64wireshark0-1.0.8-3.3mdv2009.0.x86_64.rpm
 ea2868e2e3275ef8d81d1df0921c94a4  2009.0/x86_64/lib64wireshark-devel-1.0.8-3.3mdv2009.0.x86_64.rpm
 c2de9defd468a89b0253dc666c1deec5  2009.0/x86_64/rawshark-1.0.8-3.3mdv2009.0.x86_64.rpm
 b78e8891183e62b82c7e2b69c82d6b2f  2009.0/x86_64/tshark-1.0.8-3.3mdv2009.0.x86_64.rpm
 77587f7f59238df2369268343fab38df  2009.0/x86_64/wireshark-1.0.8-3.3mdv2009.0.x86_64.rpm
 7f73ef1ea62e8135449aef0081767b9a  2009.0/x86_64/wireshark-tools-1.0.8-3.3mdv2009.0.x86_64.rpm 
 557f530edfefccd6c86722471a420157  2009.0/SRPMS/wireshark-1.0.8-3.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 60a5e67fccdef0c1262fbd0a09c2348c  2009.1/i586/dumpcap-1.0.8-3.3mdv2009.1.i586.rpm
 5acf7dc50d50c411b95197afd57e900e  2009.1/i586/libwireshark0-1.0.8-3.3mdv2009.1.i586.rpm
 b5d518bb595eab0ae8d45076251f5310  2009.1/i586/libwireshark-devel-1.0.8-3.3mdv2009.1.i586.rpm
 9e6420089364f4328f23f69097234ef4  2009.1/i586/rawshark-1.0.8-3.3mdv2009.1.i586.rpm
 6f1185ef8f9f40bbb658f717aa3e1bc3  2009.1/i586/tshark-1.0.8-3.3mdv2009.1.i586.rpm
 abb50dcc4f9f724a9616c9312f22242d  2009.1/i586/wireshark-1.0.8-3.3mdv2009.1.i586.rpm
 9b57739a885b779ed27f8ecd1741741c  2009.1/i586/wireshark-tools-1.0.8-3.3mdv2009.1.i586.rpm 
 0de2b5f93d233d934fc60db6b878df39  2009.1/SRPMS/wireshark-1.0.8-3.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 bd69b75efaf76123bc6f432b497c4d48  2009.1/x86_64/dumpcap-1.0.8-3.3mdv2009.1.x86_64.rpm
 ca9e6caf06d3d04b6733c91b4fdebadf  2009.1/x86_64/lib64wireshark0-1.0.8-3.3mdv2009.1.x86_64.rpm
 080aeaac702ee188bb14117f4fb8ad78  2009.1/x86_64/lib64wireshark-devel-1.0.8-3.3mdv2009.1.x86_64.rpm
 26f7faa79b096c647a7dc28b7437a43d  2009.1/x86_64/rawshark-1.0.8-3.3mdv2009.1.x86_64.rpm
 907b493706802e0346f9b49d30c6ab8a  2009.1/x86_64/tshark-1.0.8-3.3mdv2009.1.x86_64.rpm
 e9f7324616e46f70f1121067c7e90763  2009.1/x86_64/wireshark-1.0.8-3.3mdv2009.1.x86_64.rpm
 6d8711428172217d929ddde4af90d753  2009.1/x86_64/wireshark-tools-1.0.8-3.3mdv2009.1.x86_64.rpm 
 0de2b5f93d233d934fc60db6b878df39  2009.1/SRPMS/wireshark-1.0.8-3.3mdv2009.1.src.rpm

 Corporate 4.0:
 235a73de04afa52b6c2bd4d15fc04de8  corporate/4.0/i586/dumpcap-1.0.8-0.3.20060mlcs4.i586.rpm
 527692971e6feb970b85d660ec3db6f5  corporate/4.0/i586/libwireshark0-1.0.8-0.3.20060mlcs4.i586.rpm
 54e5d379b63c1dd73dd0a6637117c80e  corporate/4.0/i586/libwireshark-devel-1.0.8-0.3.20060mlcs4.i586.rpm
 3c632ea90bef9509cb12c87ab4260bc5  corporate/4.0/i586/rawshark-1.0.8-0.3.20060mlcs4.i586.rpm
 8009af53ab8d2f2e6771c08d88f3696e  corporate/4.0/i586/tshark-1.0.8-0.3.20060mlcs4.i586.rpm
 22f786d733ceada2b2714d7a92bdbd96  corporate/4.0/i586/wireshark-1.0.8-0.3.20060mlcs4.i586.rpm
 b4c9f6f49203ddfa51e71dc63a859f63  corporate/4.0/i586/wireshark-tools-1.0.8-0.3.20060mlcs4.i586.rpm 
 c595cf7c6f131cf59cd842886f5ad4b8  corporate/4.0/SRPMS/wireshark-1.0.8-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 42469cfd64904936faa44d905748528c  corporate/4.0/x86_64/dumpcap-1.0.8-0.3.20060mlcs4.x86_64.rpm
 69b656cbd3318d651a3e0848eb075d25  corporate/4.0/x86_64/lib64wireshark0-1.0.8-0.3.20060mlcs4.x86_64.rpm
 b5b033f2e2dcd4f3dd7667c7ce3dcbd7  corporate/4.0/x86_64/lib64wireshark-devel-1.0.8-0.3.20060mlcs4.x86_64.rpm
 3ce35df4b75a82efe453b0029920e6b4  corporate/4.0/x86_64/rawshark-1.0.8-0.3.20060mlcs4.x86_64.rpm
 434a75fe14dcd011a41e776a14ed7350  corporate/4.0/x86_64/tshark-1.0.8-0.3.20060mlcs4.x86_64.rpm
 6ad3ecc27f403ca13b083b238b06c7e7  corporate/4.0/x86_64/wireshark-1.0.8-0.3.20060mlcs4.x86_64.rpm
 30314354841e099d96d4b027663b5015  corporate/4.0/x86_64/wireshark-tools-1.0.8-0.3.20060mlcs4.x86_64.rpm 
 c595cf7c6f131cf59cd842886f5ad4b8  corporate/4.0/SRPMS/wireshark-1.0.8-0.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 17f89060c77952ed112258f1abfe0abc  mes5/i586/dumpcap-1.0.8-3.3mdvmes5.i586.rpm
 abe0adc98b505d61603fe290bc7e61d1  mes5/i586/libwireshark0-1.0.8-3.3mdvmes5.i586.rpm
 49d5467f90ebb20fba8fc357accd2ba7  mes5/i586/libwireshark-devel-1.0.8-3.3mdvmes5.i586.rpm
 352b688a76410b04c541c4e203c9e7a2  mes5/i586/rawshark-1.0.8-3.3mdvmes5.i586.rpm
 b98e60094dea42ac3342bc26e215dead  mes5/i586/tshark-1.0.8-3.3mdvmes5.i586.rpm
 c6ea5e0db20a3094c3d5d88a5038a0c8  mes5/i586/wireshark-1.0.8-3.3mdvmes5.i586.rpm
 a101c193c08eeaa47f036407360981b5  mes5/i586/wireshark-tools-1.0.8-3.3mdvmes5.i586.rpm 
 8aa8055f7abf91a44be930b673a17666  mes5/SRPMS/wireshark-1.0.8-3.3mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 81435f348933151e20d407dc454b7185  mes5/x86_64/dumpcap-1.0.8-3.3mdvmes5.x86_64.rpm
 1bc631e207090e4ea14697f6402698af  mes5/x86_64/lib64wireshark0-1.0.8-3.3mdvmes5.x86_64.rpm
 96aa50d0c98a3b67186b5a6aa4fd564b  mes5/x86_64/lib64wireshark-devel-1.0.8-3.3mdvmes5.x86_64.rpm
 9017d0824e7358b941a021e9b15c05cf  mes5/x86_64/rawshark-1.0.8-3.3mdvmes5.x86_64.rpm
 9fe1cc86912952fdd1a43a27081c52db  mes5/x86_64/tshark-1.0.8-3.3mdvmes5.x86_64.rpm
 550faa2dc40cd436b5119d969da8553a  mes5/x86_64/wireshark-1.0.8-3.3mdvmes5.x86_64.rpm
 67485a40e441e2d23f14e9e227618a9b  mes5/x86_64/wireshark-tools-1.0.8-3.3mdvmes5.x86_64.rpm 
 8aa8055f7abf91a44be930b673a17666  mes5/SRPMS/wireshark-1.0.8-3.3mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK0zSfmqjQ0CJFipgRAiBPAKDIX2oYAND45gGt0DEYZBTw1yIgGwCg6MY6
tBVWTXOfaL0RwCH4VCqeIkE=
=IXKg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ