lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OES5A-0006cx-Oz@titan.mandriva.com>
Date: Tue, 18 May 2010 21:04:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:099 ] wireshark


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:099
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : May 18, 2010
 Affected: 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest version(s), fixing
 several bugs and one security issue:
 
 The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0
 through 1.2.7 allows user-assisted remote attackers to cause a denial
 of service (application crash) via a malformed packet trace file
 (CVE-2010-1455).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1455
 http://www.wireshark.org/security/wnpa-sec-2010-03.html
 http://www.wireshark.org/security/wnpa-sec-2010-04.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 3427658b5fa7df10dfa9171fce88f274  2009.1/i586/dumpcap-1.0.13-0.1mdv2009.1.i586.rpm
 95eaa9c7c7ac154903915192da011c30  2009.1/i586/libwireshark0-1.0.13-0.1mdv2009.1.i586.rpm
 8ff6136b164403ef8723c79ba1c4fe9c  2009.1/i586/libwireshark-devel-1.0.13-0.1mdv2009.1.i586.rpm
 a941891c51278956c8b09542fe38b316  2009.1/i586/rawshark-1.0.13-0.1mdv2009.1.i586.rpm
 e7f5402a8b5ea82a517331662d052258  2009.1/i586/tshark-1.0.13-0.1mdv2009.1.i586.rpm
 0766111a0a9343548634dabaa1d45532  2009.1/i586/wireshark-1.0.13-0.1mdv2009.1.i586.rpm
 19a17a62a92d2c5b5333fd50b084b6af  2009.1/i586/wireshark-tools-1.0.13-0.1mdv2009.1.i586.rpm 
 8ab9c2e193eac4ae22d7d511a4090781  2009.1/SRPMS/wireshark-1.0.13-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 8f7794755f7c0eedc2b28e8418856360  2009.1/x86_64/dumpcap-1.0.13-0.1mdv2009.1.x86_64.rpm
 e97ce630c1d3574081498ceb43a212b0  2009.1/x86_64/lib64wireshark0-1.0.13-0.1mdv2009.1.x86_64.rpm
 35cc38b16123a19a98a2861b6e6bae54  2009.1/x86_64/lib64wireshark-devel-1.0.13-0.1mdv2009.1.x86_64.rpm
 fa900f436680fcab9743efb8f0d22f51  2009.1/x86_64/rawshark-1.0.13-0.1mdv2009.1.x86_64.rpm
 47a14ff044d80421e45dedb1b7efd8fd  2009.1/x86_64/tshark-1.0.13-0.1mdv2009.1.x86_64.rpm
 a1876af79319c30d2b8566c5952588eb  2009.1/x86_64/wireshark-1.0.13-0.1mdv2009.1.x86_64.rpm
 c4f1f8b8379ce70809273245444e0274  2009.1/x86_64/wireshark-tools-1.0.13-0.1mdv2009.1.x86_64.rpm 
 8ab9c2e193eac4ae22d7d511a4090781  2009.1/SRPMS/wireshark-1.0.13-0.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 2c5b85c0cb3e8221d600ea1c940d64c4  2010.0/i586/dumpcap-1.2.8-0.1mdv2010.0.i586.rpm
 a85db0c4912c68d69a6e413a6746f3f2  2010.0/i586/libwireshark0-1.2.8-0.1mdv2010.0.i586.rpm
 0e9fbb983c87fad49130ae895d967f18  2010.0/i586/libwireshark-devel-1.2.8-0.1mdv2010.0.i586.rpm
 8145924953fb4978e6aac7f7a3350ad4  2010.0/i586/rawshark-1.2.8-0.1mdv2010.0.i586.rpm
 91b4fe8fbd482e9c23c20cb94419b095  2010.0/i586/tshark-1.2.8-0.1mdv2010.0.i586.rpm
 e2d9d1a05bb335b46c30436cc96c451b  2010.0/i586/wireshark-1.2.8-0.1mdv2010.0.i586.rpm
 76267d68aef9aaa1eb0980313caf870e  2010.0/i586/wireshark-tools-1.2.8-0.1mdv2010.0.i586.rpm 
 06020dae672ccfa508fb2178ebebc40d  2010.0/SRPMS/wireshark-1.2.8-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 2586bb1431247188f3baa0defefaa56b  2010.0/x86_64/dumpcap-1.2.8-0.1mdv2010.0.x86_64.rpm
 e90b861b4536d972a0aecd8872332ed6  2010.0/x86_64/lib64wireshark0-1.2.8-0.1mdv2010.0.x86_64.rpm
 6659765951116ebf828767453770c894  2010.0/x86_64/lib64wireshark-devel-1.2.8-0.1mdv2010.0.x86_64.rpm
 d4df009441f8298a31166051b856bbb6  2010.0/x86_64/rawshark-1.2.8-0.1mdv2010.0.x86_64.rpm
 f6ca978a30455563574c7692c5761645  2010.0/x86_64/tshark-1.2.8-0.1mdv2010.0.x86_64.rpm
 3f14e37aeba9563c97565450e3cff0c4  2010.0/x86_64/wireshark-1.2.8-0.1mdv2010.0.x86_64.rpm
 ceb5d1d67c811a789f689b6c52c6b138  2010.0/x86_64/wireshark-tools-1.2.8-0.1mdv2010.0.x86_64.rpm 
 06020dae672ccfa508fb2178ebebc40d  2010.0/SRPMS/wireshark-1.2.8-0.1mdv2010.0.src.rpm

 Corporate 4.0:
 c4b2c595380a9ffecf99a9d5327d718d  corporate/4.0/i586/dumpcap-1.0.13-0.1.20060mlcs4.i586.rpm
 684237a417550abfb5cd737e4251209a  corporate/4.0/i586/libwireshark0-1.0.13-0.1.20060mlcs4.i586.rpm
 3bd58a1b9287347d442337893918134e  corporate/4.0/i586/libwireshark-devel-1.0.13-0.1.20060mlcs4.i586.rpm
 3b74b6610f9f4cbfdde3a91ecb1ad968  corporate/4.0/i586/rawshark-1.0.13-0.1.20060mlcs4.i586.rpm
 5d51ba1b7f02a343c75a12832ca35ad8  corporate/4.0/i586/tshark-1.0.13-0.1.20060mlcs4.i586.rpm
 82526ef77e651cf0b7c02a81c7a700c0  corporate/4.0/i586/wireshark-1.0.13-0.1.20060mlcs4.i586.rpm
 dc716e950488d94feed96787f67be9c9  corporate/4.0/i586/wireshark-tools-1.0.13-0.1.20060mlcs4.i586.rpm 
 b97b0f6aa0d8c5642ac07436141c855d  corporate/4.0/SRPMS/wireshark-1.0.13-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 2ec3496f75013772d6e9bdea6828c16f  corporate/4.0/x86_64/dumpcap-1.0.13-0.1.20060mlcs4.x86_64.rpm
 c0865dc441a4ec7c400ac058412cb032  corporate/4.0/x86_64/lib64wireshark0-1.0.13-0.1.20060mlcs4.x86_64.rpm
 ec3f166d445b74f6e46e0c4bac4e6c62  corporate/4.0/x86_64/lib64wireshark-devel-1.0.13-0.1.20060mlcs4.x86_64.rpm
 9d7cf63bbdd653cae0c798c208add461  corporate/4.0/x86_64/rawshark-1.0.13-0.1.20060mlcs4.x86_64.rpm
 8df217351b953556dbfee0ea8b5ddf50  corporate/4.0/x86_64/tshark-1.0.13-0.1.20060mlcs4.x86_64.rpm
 d53580174b0a15136052fd5669791667  corporate/4.0/x86_64/wireshark-1.0.13-0.1.20060mlcs4.x86_64.rpm
 24ab0d2d38836f963606cfd8f7aa6232  corporate/4.0/x86_64/wireshark-tools-1.0.13-0.1.20060mlcs4.x86_64.rpm 
 b97b0f6aa0d8c5642ac07436141c855d  corporate/4.0/SRPMS/wireshark-1.0.13-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 f865f10f62d8e5527f1f8524b9891c5e  mes5/i586/dumpcap-1.0.13-0.1mdvmes5.1.i586.rpm
 7bde53dbbc605a62b83e48e5a0bbde53  mes5/i586/libwireshark0-1.0.13-0.1mdvmes5.1.i586.rpm
 7ecca1bf236e03022150f93092dd3ef7  mes5/i586/libwireshark-devel-1.0.13-0.1mdvmes5.1.i586.rpm
 32bbd3675662dea150f915e1ee77ae17  mes5/i586/rawshark-1.0.13-0.1mdvmes5.1.i586.rpm
 c072835fc21b9b36a5eb7d0761d288c7  mes5/i586/tshark-1.0.13-0.1mdvmes5.1.i586.rpm
 b5fca6f651f1b81f0df15b5c71d9cdfb  mes5/i586/wireshark-1.0.13-0.1mdvmes5.1.i586.rpm
 d711e784319692510c6691594936d57e  mes5/i586/wireshark-tools-1.0.13-0.1mdvmes5.1.i586.rpm 
 355ce77e75e6cf4f2f86e0824aeb81a2  mes5/SRPMS/wireshark-1.0.13-0.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 f997085cdfb83ec7b21a5096b3f7f655  mes5/x86_64/dumpcap-1.0.13-0.1mdvmes5.1.x86_64.rpm
 586e93233e0596f188f3cf3400540db3  mes5/x86_64/lib64wireshark0-1.0.13-0.1mdvmes5.1.x86_64.rpm
 101ac339faa3cb81e855eff790fc57b2  mes5/x86_64/lib64wireshark-devel-1.0.13-0.1mdvmes5.1.x86_64.rpm
 a5bdef0bb8c7a95abc2a397acedf4c6b  mes5/x86_64/rawshark-1.0.13-0.1mdvmes5.1.x86_64.rpm
 20e38292613f404a59e1d0c7a459a7dc  mes5/x86_64/tshark-1.0.13-0.1mdvmes5.1.x86_64.rpm
 f60e210371f306a9d65032d0a9eebc74  mes5/x86_64/wireshark-1.0.13-0.1mdvmes5.1.x86_64.rpm
 45a0c1e7597283105216f4a722d32854  mes5/x86_64/wireshark-tools-1.0.13-0.1mdvmes5.1.x86_64.rpm 
 355ce77e75e6cf4f2f86e0824aeb81a2  mes5/SRPMS/wireshark-1.0.13-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL8ratmqjQ0CJFipgRAh+GAJ9c5ildsVIRLxoBRyVh+7LWOc73VwCfZNL8
+N6HtVQiR7ONcm65k5tvU84=
=y6OA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ