[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NcVZ3-0005jT-7g@titan.mandriva.com>
Date: Wed, 03 Feb 2010 04:06:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:031 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:031
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : February 2, 2010
Affected: 2008.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
This advisory updates Wireshark to the version 1.0.11, which fixes
the following vulnerabilities:
The SMB and SMB2 dissectors could crash (CVE-2009-4377).
The Infiniband dissector could crash on some platforms (CVE-2009-2563).
Several buffer overflows were discovered and fixed in the LWRES
dissector.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
19efa81835c23a398b2838a12c402cfc 2008.0/i586/dumpcap-1.0.11-0.1mdv2008.0.i586.rpm
e2ebbdf9c799d040c484c766f7f77ce1 2008.0/i586/libwireshark0-1.0.11-0.1mdv2008.0.i586.rpm
bbdc06654f2ca5508368a09197f68453 2008.0/i586/libwireshark-devel-1.0.11-0.1mdv2008.0.i586.rpm
8c8f6155e041a6ba7eb0151df71c7c1a 2008.0/i586/rawshark-1.0.11-0.1mdv2008.0.i586.rpm
416d3ee9cc690e671f5e3160189048f1 2008.0/i586/tshark-1.0.11-0.1mdv2008.0.i586.rpm
3da636be3451aa0a2033ef0f69e7f7ed 2008.0/i586/wireshark-1.0.11-0.1mdv2008.0.i586.rpm
2f9091cc63e15865664fd600bf8fb04d 2008.0/i586/wireshark-tools-1.0.11-0.1mdv2008.0.i586.rpm
b633d55d86c0bd099978f3f120d4a098 2008.0/SRPMS/wireshark-1.0.11-0.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
082c3a795622b56182e15e709c9a73b0 2008.0/x86_64/dumpcap-1.0.11-0.1mdv2008.0.x86_64.rpm
22d769b9f4f84f50f135274c8549d8fd 2008.0/x86_64/lib64wireshark0-1.0.11-0.1mdv2008.0.x86_64.rpm
a7d0323a5f9e6cc3e635e9b1d2a0b3bd 2008.0/x86_64/lib64wireshark-devel-1.0.11-0.1mdv2008.0.x86_64.rpm
08fbf188d625df8afde20da0c4588709 2008.0/x86_64/rawshark-1.0.11-0.1mdv2008.0.x86_64.rpm
e7487a6b26627d08f99919a931ad8d15 2008.0/x86_64/tshark-1.0.11-0.1mdv2008.0.x86_64.rpm
3a2cb7625e868de9fc3b8055d8ef1de2 2008.0/x86_64/wireshark-1.0.11-0.1mdv2008.0.x86_64.rpm
b497e520ff1893129bd5fa90d4e1cfeb 2008.0/x86_64/wireshark-tools-1.0.11-0.1mdv2008.0.x86_64.rpm
b633d55d86c0bd099978f3f120d4a098 2008.0/SRPMS/wireshark-1.0.11-0.1mdv2008.0.src.rpm
Mandriva Linux 2009.1:
c0ab12b26e58e08c3c945c081bb1ff32 2009.1/i586/dumpcap-1.0.11-0.1mdv2009.1.i586.rpm
b9c922ad22775a300623901f4823466c 2009.1/i586/libwireshark0-1.0.11-0.1mdv2009.1.i586.rpm
7f87ebcbf3399007994e48ecacea40e0 2009.1/i586/libwireshark-devel-1.0.11-0.1mdv2009.1.i586.rpm
15a63f395346dfae46dc28fec4b860fc 2009.1/i586/rawshark-1.0.11-0.1mdv2009.1.i586.rpm
939f2a2b5825a4e6090503d35210f439 2009.1/i586/tshark-1.0.11-0.1mdv2009.1.i586.rpm
f131365d83d612034736acb8a48331f2 2009.1/i586/wireshark-1.0.11-0.1mdv2009.1.i586.rpm
9fbafa94a8d4a4b128014e2a03d5bf5a 2009.1/i586/wireshark-tools-1.0.11-0.1mdv2009.1.i586.rpm
13c333434f8155ae16934f4030b0d8da 2009.1/SRPMS/wireshark-1.0.11-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
a174d15549b6ab6eca1702be93da98f7 2009.1/x86_64/dumpcap-1.0.11-0.1mdv2009.1.x86_64.rpm
54d83f1b9725bc9db4237a7e9ffbda23 2009.1/x86_64/lib64wireshark0-1.0.11-0.1mdv2009.1.x86_64.rpm
45c14304b4a90b7f635d1577d6d0cbf1 2009.1/x86_64/lib64wireshark-devel-1.0.11-0.1mdv2009.1.x86_64.rpm
701a608316a51fc749e755c209ff954b 2009.1/x86_64/rawshark-1.0.11-0.1mdv2009.1.x86_64.rpm
93841b7abedb7a104d02a1b1cc303c27 2009.1/x86_64/tshark-1.0.11-0.1mdv2009.1.x86_64.rpm
bed0e094baee8d6ad80f51b5298e1513 2009.1/x86_64/wireshark-1.0.11-0.1mdv2009.1.x86_64.rpm
54c833bb1d0e2308feccceb50a483b14 2009.1/x86_64/wireshark-tools-1.0.11-0.1mdv2009.1.x86_64.rpm
13c333434f8155ae16934f4030b0d8da 2009.1/SRPMS/wireshark-1.0.11-0.1mdv2009.1.src.rpm
Corporate 4.0:
d1eb7ec4cf71cc97aa61d904a80b5e3e corporate/4.0/i586/dumpcap-1.0.11-0.1.20060mlcs4.i586.rpm
a1efc9ed4560444167e1bc579e852cc6 corporate/4.0/i586/libwireshark0-1.0.11-0.1.20060mlcs4.i586.rpm
0948fc7945d83459474fc564981011a6 corporate/4.0/i586/libwireshark-devel-1.0.11-0.1.20060mlcs4.i586.rpm
2ad4fd1474fea1cd3a6d317d17d5ff71 corporate/4.0/i586/rawshark-1.0.11-0.1.20060mlcs4.i586.rpm
c45d1716fde523430c0993035f762120 corporate/4.0/i586/tshark-1.0.11-0.1.20060mlcs4.i586.rpm
d19e47fb78fd39d67cdabdffc2a85068 corporate/4.0/i586/wireshark-1.0.11-0.1.20060mlcs4.i586.rpm
760989e2d7e418b66355bc63b3d358fa corporate/4.0/i586/wireshark-tools-1.0.11-0.1.20060mlcs4.i586.rpm
9fa54f95ba1ac6139a265bbfc8d127b1 corporate/4.0/SRPMS/wireshark-1.0.11-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
c43b4f5e17905bf3e92420b572537a78 corporate/4.0/x86_64/dumpcap-1.0.11-0.1.20060mlcs4.x86_64.rpm
90afae49acdbb872d0e2068eac663c72 corporate/4.0/x86_64/lib64wireshark0-1.0.11-0.1.20060mlcs4.x86_64.rpm
58745ea4d1f3b484678f34c0f42ea7ec corporate/4.0/x86_64/lib64wireshark-devel-1.0.11-0.1.20060mlcs4.x86_64.rpm
b604127daebc516779b1709d51a6bdb5 corporate/4.0/x86_64/rawshark-1.0.11-0.1.20060mlcs4.x86_64.rpm
06cf97ba0b2fd291fa4fff0a5e467e37 corporate/4.0/x86_64/tshark-1.0.11-0.1.20060mlcs4.x86_64.rpm
d2903cbeedfe11f49fad3e3627550d78 corporate/4.0/x86_64/wireshark-1.0.11-0.1.20060mlcs4.x86_64.rpm
1ca2c1af36c8ff26e15ec0cc71274a05 corporate/4.0/x86_64/wireshark-tools-1.0.11-0.1.20060mlcs4.x86_64.rpm
9fa54f95ba1ac6139a265bbfc8d127b1 corporate/4.0/SRPMS/wireshark-1.0.11-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
d121a5b1d6854048326174d9e6bcedd7 mes5/i586/dumpcap-1.0.11-0.1mdvmes5.i586.rpm
b7f17c2f23b86a56505f19229d3127a4 mes5/i586/libwireshark0-1.0.11-0.1mdvmes5.i586.rpm
347b5faa357359bc766874668baa7433 mes5/i586/libwireshark-devel-1.0.11-0.1mdvmes5.i586.rpm
e0312c09a741831f029a87ec7b111a16 mes5/i586/rawshark-1.0.11-0.1mdvmes5.i586.rpm
704670f3d68a4ef18998325927c675d7 mes5/i586/tshark-1.0.11-0.1mdvmes5.i586.rpm
5c9aa7ace2318bd60b2c9b1be03de4a3 mes5/i586/wireshark-1.0.11-0.1mdvmes5.i586.rpm
3414f1f520fa7129bca53639339d4427 mes5/i586/wireshark-tools-1.0.11-0.1mdvmes5.i586.rpm
33e3b36192051dcff6c1069bc415f34a mes5/SRPMS/wireshark-1.0.11-0.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
32b01554823524580d7527e64b6ec1b2 mes5/x86_64/dumpcap-1.0.11-0.1mdvmes5.x86_64.rpm
01f27d99f023bbd83ab110bd12300a9e mes5/x86_64/lib64wireshark0-1.0.11-0.1mdvmes5.x86_64.rpm
3f70c94125aa2297690b936936b32493 mes5/x86_64/lib64wireshark-devel-1.0.11-0.1mdvmes5.x86_64.rpm
08624b3f91f6a8442abc802ec0f24c74 mes5/x86_64/rawshark-1.0.11-0.1mdvmes5.x86_64.rpm
563cd28702d1572e17c6f99fc23178dd mes5/x86_64/tshark-1.0.11-0.1mdvmes5.x86_64.rpm
8af1a674c107ff546a8f28158ef15a9d mes5/x86_64/wireshark-1.0.11-0.1mdvmes5.x86_64.rpm
71f149cc307ee3b026867c2c282216f4 mes5/x86_64/wireshark-tools-1.0.11-0.1mdvmes5.x86_64.rpm
33e3b36192051dcff6c1069bc415f34a mes5/SRPMS/wireshark-1.0.11-0.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLaLrMmqjQ0CJFipgRAsIIAKDaKxrjGJURNYZqhbab5Ci9ShD8YwCgigF/
EsdbEOhtMEyVHxbpJc883Co=
=kgK8
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists