lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 03 Feb 2010 04:06:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:031 ] wireshark


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:031
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : February 2, 2010
 Affected: 2008.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates Wireshark to the version 1.0.11, which fixes
 the following vulnerabilities:
 
 The SMB and SMB2 dissectors could crash (CVE-2009-4377).
 The Infiniband dissector could crash on some platforms (CVE-2009-2563).
 Several buffer overflows were discovered and fixed in the LWRES
 dissector.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 19efa81835c23a398b2838a12c402cfc  2008.0/i586/dumpcap-1.0.11-0.1mdv2008.0.i586.rpm
 e2ebbdf9c799d040c484c766f7f77ce1  2008.0/i586/libwireshark0-1.0.11-0.1mdv2008.0.i586.rpm
 bbdc06654f2ca5508368a09197f68453  2008.0/i586/libwireshark-devel-1.0.11-0.1mdv2008.0.i586.rpm
 8c8f6155e041a6ba7eb0151df71c7c1a  2008.0/i586/rawshark-1.0.11-0.1mdv2008.0.i586.rpm
 416d3ee9cc690e671f5e3160189048f1  2008.0/i586/tshark-1.0.11-0.1mdv2008.0.i586.rpm
 3da636be3451aa0a2033ef0f69e7f7ed  2008.0/i586/wireshark-1.0.11-0.1mdv2008.0.i586.rpm
 2f9091cc63e15865664fd600bf8fb04d  2008.0/i586/wireshark-tools-1.0.11-0.1mdv2008.0.i586.rpm 
 b633d55d86c0bd099978f3f120d4a098  2008.0/SRPMS/wireshark-1.0.11-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 082c3a795622b56182e15e709c9a73b0  2008.0/x86_64/dumpcap-1.0.11-0.1mdv2008.0.x86_64.rpm
 22d769b9f4f84f50f135274c8549d8fd  2008.0/x86_64/lib64wireshark0-1.0.11-0.1mdv2008.0.x86_64.rpm
 a7d0323a5f9e6cc3e635e9b1d2a0b3bd  2008.0/x86_64/lib64wireshark-devel-1.0.11-0.1mdv2008.0.x86_64.rpm
 08fbf188d625df8afde20da0c4588709  2008.0/x86_64/rawshark-1.0.11-0.1mdv2008.0.x86_64.rpm
 e7487a6b26627d08f99919a931ad8d15  2008.0/x86_64/tshark-1.0.11-0.1mdv2008.0.x86_64.rpm
 3a2cb7625e868de9fc3b8055d8ef1de2  2008.0/x86_64/wireshark-1.0.11-0.1mdv2008.0.x86_64.rpm
 b497e520ff1893129bd5fa90d4e1cfeb  2008.0/x86_64/wireshark-tools-1.0.11-0.1mdv2008.0.x86_64.rpm 
 b633d55d86c0bd099978f3f120d4a098  2008.0/SRPMS/wireshark-1.0.11-0.1mdv2008.0.src.rpm

 Mandriva Linux 2009.1:
 c0ab12b26e58e08c3c945c081bb1ff32  2009.1/i586/dumpcap-1.0.11-0.1mdv2009.1.i586.rpm
 b9c922ad22775a300623901f4823466c  2009.1/i586/libwireshark0-1.0.11-0.1mdv2009.1.i586.rpm
 7f87ebcbf3399007994e48ecacea40e0  2009.1/i586/libwireshark-devel-1.0.11-0.1mdv2009.1.i586.rpm
 15a63f395346dfae46dc28fec4b860fc  2009.1/i586/rawshark-1.0.11-0.1mdv2009.1.i586.rpm
 939f2a2b5825a4e6090503d35210f439  2009.1/i586/tshark-1.0.11-0.1mdv2009.1.i586.rpm
 f131365d83d612034736acb8a48331f2  2009.1/i586/wireshark-1.0.11-0.1mdv2009.1.i586.rpm
 9fbafa94a8d4a4b128014e2a03d5bf5a  2009.1/i586/wireshark-tools-1.0.11-0.1mdv2009.1.i586.rpm 
 13c333434f8155ae16934f4030b0d8da  2009.1/SRPMS/wireshark-1.0.11-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 a174d15549b6ab6eca1702be93da98f7  2009.1/x86_64/dumpcap-1.0.11-0.1mdv2009.1.x86_64.rpm
 54d83f1b9725bc9db4237a7e9ffbda23  2009.1/x86_64/lib64wireshark0-1.0.11-0.1mdv2009.1.x86_64.rpm
 45c14304b4a90b7f635d1577d6d0cbf1  2009.1/x86_64/lib64wireshark-devel-1.0.11-0.1mdv2009.1.x86_64.rpm
 701a608316a51fc749e755c209ff954b  2009.1/x86_64/rawshark-1.0.11-0.1mdv2009.1.x86_64.rpm
 93841b7abedb7a104d02a1b1cc303c27  2009.1/x86_64/tshark-1.0.11-0.1mdv2009.1.x86_64.rpm
 bed0e094baee8d6ad80f51b5298e1513  2009.1/x86_64/wireshark-1.0.11-0.1mdv2009.1.x86_64.rpm
 54c833bb1d0e2308feccceb50a483b14  2009.1/x86_64/wireshark-tools-1.0.11-0.1mdv2009.1.x86_64.rpm 
 13c333434f8155ae16934f4030b0d8da  2009.1/SRPMS/wireshark-1.0.11-0.1mdv2009.1.src.rpm

 Corporate 4.0:
 d1eb7ec4cf71cc97aa61d904a80b5e3e  corporate/4.0/i586/dumpcap-1.0.11-0.1.20060mlcs4.i586.rpm
 a1efc9ed4560444167e1bc579e852cc6  corporate/4.0/i586/libwireshark0-1.0.11-0.1.20060mlcs4.i586.rpm
 0948fc7945d83459474fc564981011a6  corporate/4.0/i586/libwireshark-devel-1.0.11-0.1.20060mlcs4.i586.rpm
 2ad4fd1474fea1cd3a6d317d17d5ff71  corporate/4.0/i586/rawshark-1.0.11-0.1.20060mlcs4.i586.rpm
 c45d1716fde523430c0993035f762120  corporate/4.0/i586/tshark-1.0.11-0.1.20060mlcs4.i586.rpm
 d19e47fb78fd39d67cdabdffc2a85068  corporate/4.0/i586/wireshark-1.0.11-0.1.20060mlcs4.i586.rpm
 760989e2d7e418b66355bc63b3d358fa  corporate/4.0/i586/wireshark-tools-1.0.11-0.1.20060mlcs4.i586.rpm 
 9fa54f95ba1ac6139a265bbfc8d127b1  corporate/4.0/SRPMS/wireshark-1.0.11-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c43b4f5e17905bf3e92420b572537a78  corporate/4.0/x86_64/dumpcap-1.0.11-0.1.20060mlcs4.x86_64.rpm
 90afae49acdbb872d0e2068eac663c72  corporate/4.0/x86_64/lib64wireshark0-1.0.11-0.1.20060mlcs4.x86_64.rpm
 58745ea4d1f3b484678f34c0f42ea7ec  corporate/4.0/x86_64/lib64wireshark-devel-1.0.11-0.1.20060mlcs4.x86_64.rpm
 b604127daebc516779b1709d51a6bdb5  corporate/4.0/x86_64/rawshark-1.0.11-0.1.20060mlcs4.x86_64.rpm
 06cf97ba0b2fd291fa4fff0a5e467e37  corporate/4.0/x86_64/tshark-1.0.11-0.1.20060mlcs4.x86_64.rpm
 d2903cbeedfe11f49fad3e3627550d78  corporate/4.0/x86_64/wireshark-1.0.11-0.1.20060mlcs4.x86_64.rpm
 1ca2c1af36c8ff26e15ec0cc71274a05  corporate/4.0/x86_64/wireshark-tools-1.0.11-0.1.20060mlcs4.x86_64.rpm 
 9fa54f95ba1ac6139a265bbfc8d127b1  corporate/4.0/SRPMS/wireshark-1.0.11-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 d121a5b1d6854048326174d9e6bcedd7  mes5/i586/dumpcap-1.0.11-0.1mdvmes5.i586.rpm
 b7f17c2f23b86a56505f19229d3127a4  mes5/i586/libwireshark0-1.0.11-0.1mdvmes5.i586.rpm
 347b5faa357359bc766874668baa7433  mes5/i586/libwireshark-devel-1.0.11-0.1mdvmes5.i586.rpm
 e0312c09a741831f029a87ec7b111a16  mes5/i586/rawshark-1.0.11-0.1mdvmes5.i586.rpm
 704670f3d68a4ef18998325927c675d7  mes5/i586/tshark-1.0.11-0.1mdvmes5.i586.rpm
 5c9aa7ace2318bd60b2c9b1be03de4a3  mes5/i586/wireshark-1.0.11-0.1mdvmes5.i586.rpm
 3414f1f520fa7129bca53639339d4427  mes5/i586/wireshark-tools-1.0.11-0.1mdvmes5.i586.rpm 
 33e3b36192051dcff6c1069bc415f34a  mes5/SRPMS/wireshark-1.0.11-0.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 32b01554823524580d7527e64b6ec1b2  mes5/x86_64/dumpcap-1.0.11-0.1mdvmes5.x86_64.rpm
 01f27d99f023bbd83ab110bd12300a9e  mes5/x86_64/lib64wireshark0-1.0.11-0.1mdvmes5.x86_64.rpm
 3f70c94125aa2297690b936936b32493  mes5/x86_64/lib64wireshark-devel-1.0.11-0.1mdvmes5.x86_64.rpm
 08624b3f91f6a8442abc802ec0f24c74  mes5/x86_64/rawshark-1.0.11-0.1mdvmes5.x86_64.rpm
 563cd28702d1572e17c6f99fc23178dd  mes5/x86_64/tshark-1.0.11-0.1mdvmes5.x86_64.rpm
 8af1a674c107ff546a8f28158ef15a9d  mes5/x86_64/wireshark-1.0.11-0.1mdvmes5.x86_64.rpm
 71f149cc307ee3b026867c2c282216f4  mes5/x86_64/wireshark-tools-1.0.11-0.1mdvmes5.x86_64.rpm 
 33e3b36192051dcff6c1069bc415f34a  mes5/SRPMS/wireshark-1.0.11-0.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLaLrMmqjQ0CJFipgRAsIIAKDaKxrjGJURNYZqhbab5Ci9ShD8YwCgigF/
EsdbEOhtMEyVHxbpJc883Co=
=kgK8
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ