lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1OMiwG-0004tT-QD@titan.mandriva.com>
Date: Thu, 10 Jun 2010 16:41:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:113 ] wireshark


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:113
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : June 10, 2010
 Affected: 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest version(s), fixing
 several security issues:
 
 * The SMB dissector could dereference a NULL pointer. (Bug 4734)
 * J. Oquendo discovered that the ASN.1 BER dissector could overrun
 the stack.
 * The SMB PIPE dissector could dereference a NULL pointer on some
 platforms.
 * The SigComp Universal Decompressor Virtual Machine could go into
 an infinite loop. (Bug 4826)
 * The SigComp Universal Decompressor Virtual Machine could overrun
 a buffer. (Bug 4837)
 _______________________________________________________________________

 References:

 http://www.wireshark.org/security/wnpa-sec-2010-06.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 0149a3fead677c67a65d689ca5d14003  2009.1/i586/dumpcap-1.0.14-0.1mdv2009.1.i586.rpm
 11cc457d2403d1528a21ffe5b9ac7262  2009.1/i586/libwireshark0-1.0.14-0.1mdv2009.1.i586.rpm
 f21953c954858ae6a42ac17c2652cfd3  2009.1/i586/libwireshark-devel-1.0.14-0.1mdv2009.1.i586.rpm
 9ce458c253544e9db459e47031d0fc14  2009.1/i586/rawshark-1.0.14-0.1mdv2009.1.i586.rpm
 ec86335e22ee4131f3309c9ac7f89179  2009.1/i586/tshark-1.0.14-0.1mdv2009.1.i586.rpm
 51d99d113f714d520a6822e40bd404b1  2009.1/i586/wireshark-1.0.14-0.1mdv2009.1.i586.rpm
 7cce0b057fe2ddba39322a6c8e921021  2009.1/i586/wireshark-tools-1.0.14-0.1mdv2009.1.i586.rpm 
 3e445d801ec43cec961207ed015ab18b  2009.1/SRPMS/wireshark-1.0.14-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 8c62a4b0639d0410f8a7ba0eb570aba9  2009.1/x86_64/dumpcap-1.0.14-0.1mdv2009.1.x86_64.rpm
 4c3e4e1ac92419e056e0d7c17388c7a5  2009.1/x86_64/lib64wireshark0-1.0.14-0.1mdv2009.1.x86_64.rpm
 22142ce9111218ac0a2e8e8a349c777d  2009.1/x86_64/lib64wireshark-devel-1.0.14-0.1mdv2009.1.x86_64.rpm
 8ae04d4331132c1d7760191a74554097  2009.1/x86_64/rawshark-1.0.14-0.1mdv2009.1.x86_64.rpm
 31ccfda4a4876616f0060d138c3bf792  2009.1/x86_64/tshark-1.0.14-0.1mdv2009.1.x86_64.rpm
 2009a55c6de17a76bac77527df496805  2009.1/x86_64/wireshark-1.0.14-0.1mdv2009.1.x86_64.rpm
 ed9dc6458f9a2d420c09f2ae60d94305  2009.1/x86_64/wireshark-tools-1.0.14-0.1mdv2009.1.x86_64.rpm 
 3e445d801ec43cec961207ed015ab18b  2009.1/SRPMS/wireshark-1.0.14-0.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 957483b67e3a59c962f68682681a9353  2010.0/i586/dumpcap-1.2.9-0.1mdv2010.0.i586.rpm
 307f4c51e60f12266a6249847eb3084c  2010.0/i586/libwireshark0-1.2.9-0.1mdv2010.0.i586.rpm
 783bb6328cddb6d67ca78903de21fd78  2010.0/i586/libwireshark-devel-1.2.9-0.1mdv2010.0.i586.rpm
 e8263e71c5535834050e2545fda00269  2010.0/i586/rawshark-1.2.9-0.1mdv2010.0.i586.rpm
 8fd5540508424a4efb961846fc6effcf  2010.0/i586/tshark-1.2.9-0.1mdv2010.0.i586.rpm
 24d88246de24678efe207b514dc921c0  2010.0/i586/wireshark-1.2.9-0.1mdv2010.0.i586.rpm
 eed336910fa875e328b4bae15e393c6d  2010.0/i586/wireshark-tools-1.2.9-0.1mdv2010.0.i586.rpm 
 ff08f1c116a92a85482d9a7add3048c2  2010.0/SRPMS/wireshark-1.2.9-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 e0a17c636356a9e98712844f1cbfc1d4  2010.0/x86_64/dumpcap-1.2.9-0.1mdv2010.0.x86_64.rpm
 b4b393e753cb7faa7d0772e04f491635  2010.0/x86_64/lib64wireshark0-1.2.9-0.1mdv2010.0.x86_64.rpm
 76a874fa3d61dc9b1f02e8bb5f8a3b37  2010.0/x86_64/lib64wireshark-devel-1.2.9-0.1mdv2010.0.x86_64.rpm
 9e55b4d27b3c9ec612118f444c0d466c  2010.0/x86_64/rawshark-1.2.9-0.1mdv2010.0.x86_64.rpm
 30b3f61b36ca7f5b3a3609097eb8243b  2010.0/x86_64/tshark-1.2.9-0.1mdv2010.0.x86_64.rpm
 bac14f9558cd32fe67ad9e02c1d7f028  2010.0/x86_64/wireshark-1.2.9-0.1mdv2010.0.x86_64.rpm
 29e8a3388febbd18408582d1c36bb461  2010.0/x86_64/wireshark-tools-1.2.9-0.1mdv2010.0.x86_64.rpm 
 ff08f1c116a92a85482d9a7add3048c2  2010.0/SRPMS/wireshark-1.2.9-0.1mdv2010.0.src.rpm

 Corporate 4.0:
 6dae354dc5bfb616c8e1b934ed7916a2  corporate/4.0/i586/dumpcap-1.0.14-0.1.20060mlcs4.i586.rpm
 ebc9b7995eda40b26ba9e3b3ba961ebc  corporate/4.0/i586/libwireshark0-1.0.14-0.1.20060mlcs4.i586.rpm
 74f01e8e41aadfa90c2f07780d113a9d  corporate/4.0/i586/libwireshark-devel-1.0.14-0.1.20060mlcs4.i586.rpm
 0865efb6c3ec94de7a15f4ad1a16d16c  corporate/4.0/i586/rawshark-1.0.14-0.1.20060mlcs4.i586.rpm
 f48013915dbb1876ca6853d5ababc3b0  corporate/4.0/i586/tshark-1.0.14-0.1.20060mlcs4.i586.rpm
 4527afe77f80cf422ff2afad2af160df  corporate/4.0/i586/wireshark-1.0.14-0.1.20060mlcs4.i586.rpm
 7e9363e0291f06f2b7026b1cf686e8fb  corporate/4.0/i586/wireshark-tools-1.0.14-0.1.20060mlcs4.i586.rpm 
 0d0b4bb69b5c512396237d9c2afd5e27  corporate/4.0/SRPMS/wireshark-1.0.14-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ec6ca062956bc7cd85ed63b3126edd75  corporate/4.0/x86_64/dumpcap-1.0.14-0.1.20060mlcs4.x86_64.rpm
 b028dba7a3521d06c5e14968ab098cfe  corporate/4.0/x86_64/lib64wireshark0-1.0.14-0.1.20060mlcs4.x86_64.rpm
 9e2269ede036edfba058b6ab2f2fe909  corporate/4.0/x86_64/lib64wireshark-devel-1.0.14-0.1.20060mlcs4.x86_64.rpm
 bc8ac5e38124410faa899547174caebe  corporate/4.0/x86_64/rawshark-1.0.14-0.1.20060mlcs4.x86_64.rpm
 4375ffc2e790ff1d8ac65ca1e665eb63  corporate/4.0/x86_64/tshark-1.0.14-0.1.20060mlcs4.x86_64.rpm
 32e8318c947e41fced9cdeb5b593abbc  corporate/4.0/x86_64/wireshark-1.0.14-0.1.20060mlcs4.x86_64.rpm
 60721e6895f05f681157f3626449f978  corporate/4.0/x86_64/wireshark-tools-1.0.14-0.1.20060mlcs4.x86_64.rpm 
 0d0b4bb69b5c512396237d9c2afd5e27  corporate/4.0/SRPMS/wireshark-1.0.14-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 354ff88c7ea4fd41dbb9b8f35a841cbe  mes5/i586/dumpcap-1.0.14-0.1mdvmes5.1.i586.rpm
 19947807a4e394037b3ad41157ef9350  mes5/i586/libwireshark0-1.0.14-0.1mdvmes5.1.i586.rpm
 aa0f85a08dc07104b19661d08d0016f6  mes5/i586/libwireshark-devel-1.0.14-0.1mdvmes5.1.i586.rpm
 212b31fd0717217ae7490d5180e34ab7  mes5/i586/rawshark-1.0.14-0.1mdvmes5.1.i586.rpm
 2bebf9603cda2d2c6e44f6f40f7bf5ae  mes5/i586/tshark-1.0.14-0.1mdvmes5.1.i586.rpm
 6b64f12e9746bc3c88215dfecf5eb9d1  mes5/i586/wireshark-1.0.14-0.1mdvmes5.1.i586.rpm
 75aabd5c46660d4d2cd6f3fe57534dd9  mes5/i586/wireshark-tools-1.0.14-0.1mdvmes5.1.i586.rpm 
 81416ee15a5923e20aee9e523532b858  mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 ec16a7c441c94c2e4586debf7ff75abf  mes5/x86_64/dumpcap-1.0.14-0.1mdvmes5.1.x86_64.rpm
 0438953d4c51ec7305260dfe8ac0ad6f  mes5/x86_64/lib64wireshark0-1.0.14-0.1mdvmes5.1.x86_64.rpm
 3db1be26ffecf9ea0d3cb7f367bc98da  mes5/x86_64/lib64wireshark-devel-1.0.14-0.1mdvmes5.1.x86_64.rpm
 63fdc2852f2000a22616da7775fbb6b3  mes5/x86_64/rawshark-1.0.14-0.1mdvmes5.1.x86_64.rpm
 379fff2c113e2a4625b4765b1f81fe82  mes5/x86_64/tshark-1.0.14-0.1mdvmes5.1.x86_64.rpm
 33e8bea5e675c4ecc2f141812773048a  mes5/x86_64/wireshark-1.0.14-0.1mdvmes5.1.x86_64.rpm
 34cd72cad36e3fae9fcf3006cf19c22d  mes5/x86_64/wireshark-tools-1.0.14-0.1mdvmes5.1.x86_64.rpm 
 81416ee15a5923e20aee9e523532b858  mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMEO/VmqjQ0CJFipgRAlOZAKCba74KIgu9DrU/RJ5cQcon7ZToagCg9oFU
21Eb/3qaIyEdQG3lXWrKMpg=
=4Cqr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ