lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Ogk2K-0004pk-Na@titan.mandriva.com>
Date: Wed, 04 Aug 2010 21:54:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:144 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:144
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : August 4, 2010
 Affected: 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest version(s), fixing
 several security issues:
 
 Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through
 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack
 vectors (CVE-2010-2284).
 
 Buffer overflow in the SigComp Universal Decompressor Virtual Machine
 dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
 has unknown impact and remote attack vectors (CVE-2010-2287).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2284
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287
 http://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html
 http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 649929b220accc84d3a09cec3f4d16c6  2009.1/i586/dumpcap-1.0.15-0.1mdv2009.1.i586.rpm
 fe9ac34bb04cdaf07928f48e6c504842  2009.1/i586/libwireshark0-1.0.15-0.1mdv2009.1.i586.rpm
 853c3a49e0ba23ca7c8a792a3666fb82  2009.1/i586/libwireshark-devel-1.0.15-0.1mdv2009.1.i586.rpm
 809535583954ce35bf8992d6213aeaf7  2009.1/i586/rawshark-1.0.15-0.1mdv2009.1.i586.rpm
 285be0f4b537006e9005aaf40cd384d2  2009.1/i586/tshark-1.0.15-0.1mdv2009.1.i586.rpm
 392f629afb206556394be294f789e1da  2009.1/i586/wireshark-1.0.15-0.1mdv2009.1.i586.rpm
 e6c10b3275d1fec0706f459d8fd0df80  2009.1/i586/wireshark-tools-1.0.15-0.1mdv2009.1.i586.rpm 
 6cf37803deacd414442d0c14579ecbdd  2009.1/SRPMS/wireshark-1.0.15-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 58e8f5a39b7be3e0869899f94ce28df7  2009.1/x86_64/dumpcap-1.0.15-0.1mdv2009.1.x86_64.rpm
 5a57f2f2921189c3c1c87ebc91fced9f  2009.1/x86_64/lib64wireshark0-1.0.15-0.1mdv2009.1.x86_64.rpm
 270aed9d53b55438c8f0652cc8d56b72  2009.1/x86_64/lib64wireshark-devel-1.0.15-0.1mdv2009.1.x86_64.rpm
 566568bc35889d4c82c3db488c4ec64e  2009.1/x86_64/rawshark-1.0.15-0.1mdv2009.1.x86_64.rpm
 064cf822bbf4974f1b7428b43c7b6709  2009.1/x86_64/tshark-1.0.15-0.1mdv2009.1.x86_64.rpm
 590c5e18004ed458158aedfb9019a535  2009.1/x86_64/wireshark-1.0.15-0.1mdv2009.1.x86_64.rpm
 28855b853115f2ca4c2b89a39d901271  2009.1/x86_64/wireshark-tools-1.0.15-0.1mdv2009.1.x86_64.rpm 
 6cf37803deacd414442d0c14579ecbdd  2009.1/SRPMS/wireshark-1.0.15-0.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 f286bf9a609d4a4bc4b45a87d1ee3910  2010.0/i586/dumpcap-1.2.10-0.1mdv2010.0.i586.rpm
 fe875ffdd62c4bc02171c749a55b0d5e  2010.0/i586/libwireshark0-1.2.10-0.1mdv2010.0.i586.rpm
 02b337d9f05512076a7a7ae992329428  2010.0/i586/libwireshark-devel-1.2.10-0.1mdv2010.0.i586.rpm
 1ea873e0ffde43399344e4c4fd32ad51  2010.0/i586/rawshark-1.2.10-0.1mdv2010.0.i586.rpm
 33123c074f901ff4eefcab2d8a8331cd  2010.0/i586/tshark-1.2.10-0.1mdv2010.0.i586.rpm
 b6d104b10caa14e34aae52877c334631  2010.0/i586/wireshark-1.2.10-0.1mdv2010.0.i586.rpm
 a81812f5bee2ff7a5882e15e799cf143  2010.0/i586/wireshark-tools-1.2.10-0.1mdv2010.0.i586.rpm 
 bfdc0eda31ac02b624cb3e29c10a80fc  2010.0/SRPMS/wireshark-1.2.10-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 4648788496bbe490cc2b2f16028421e5  2010.0/x86_64/dumpcap-1.2.10-0.1mdv2010.0.x86_64.rpm
 16e5d6c2c4e0d4e65cd6f5e1bab329c9  2010.0/x86_64/lib64wireshark0-1.2.10-0.1mdv2010.0.x86_64.rpm
 94444fadfd5d95ec04e15fd0ef77d655  2010.0/x86_64/lib64wireshark-devel-1.2.10-0.1mdv2010.0.x86_64.rpm
 d48c90be3918a12615aa708f9e7c1f8e  2010.0/x86_64/rawshark-1.2.10-0.1mdv2010.0.x86_64.rpm
 91cf1c3076a776d176455a0a721f7561  2010.0/x86_64/tshark-1.2.10-0.1mdv2010.0.x86_64.rpm
 fa58a0335a911ca507bbee371cf8ce8c  2010.0/x86_64/wireshark-1.2.10-0.1mdv2010.0.x86_64.rpm
 aa5cb120bc78e48491849ac8b5ea224c  2010.0/x86_64/wireshark-tools-1.2.10-0.1mdv2010.0.x86_64.rpm 
 bfdc0eda31ac02b624cb3e29c10a80fc  2010.0/SRPMS/wireshark-1.2.10-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 40c7b0ba7f02da73e6904840e4861ea0  2010.1/i586/dumpcap-1.2.10-0.1mdv2010.1.i586.rpm
 26e9032812ac8f0ab0291eb690f99375  2010.1/i586/libwireshark0-1.2.10-0.1mdv2010.1.i586.rpm
 2f0989489127e31859270f49bf75b2b8  2010.1/i586/libwireshark-devel-1.2.10-0.1mdv2010.1.i586.rpm
 e261ff676225ab54a491cda5e6db6c88  2010.1/i586/rawshark-1.2.10-0.1mdv2010.1.i586.rpm
 c49509969104228248717279ad9a5f99  2010.1/i586/tshark-1.2.10-0.1mdv2010.1.i586.rpm
 a1eb4bae12bde6f1d3c4d6c7640b7b8d  2010.1/i586/wireshark-1.2.10-0.1mdv2010.1.i586.rpm
 cae58096d8cd4c5c09a776a1752a824f  2010.1/i586/wireshark-tools-1.2.10-0.1mdv2010.1.i586.rpm 
 bb0b88dadd21016dd0eb5658eb1409d1  2010.1/SRPMS/wireshark-1.2.10-0.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 75a844c34042e0025a7b3246b4d8afd5  2010.1/x86_64/dumpcap-1.2.10-0.1mdv2010.1.x86_64.rpm
 bbb7a7f9645e6e357b9729c7b153f286  2010.1/x86_64/lib64wireshark0-1.2.10-0.1mdv2010.1.x86_64.rpm
 206509108a6bc75f90a9d926981aa810  2010.1/x86_64/lib64wireshark-devel-1.2.10-0.1mdv2010.1.x86_64.rpm
 bd90e8eaca22e75ec4be1e9f2d6286d7  2010.1/x86_64/rawshark-1.2.10-0.1mdv2010.1.x86_64.rpm
 d097aa15ee120fdf9759933e6e6e2d42  2010.1/x86_64/tshark-1.2.10-0.1mdv2010.1.x86_64.rpm
 b33aadf34dcc47717f65b0ca05aba65e  2010.1/x86_64/wireshark-1.2.10-0.1mdv2010.1.x86_64.rpm
 b58853ddf4fd87201ca363f58f0a66a8  2010.1/x86_64/wireshark-tools-1.2.10-0.1mdv2010.1.x86_64.rpm 
 bb0b88dadd21016dd0eb5658eb1409d1  2010.1/SRPMS/wireshark-1.2.10-0.1mdv2010.1.src.rpm

 Corporate 4.0:
 2fb380c5d0e13388f08b8d3816d69d6a  corporate/4.0/i586/dumpcap-1.0.15-0.1.20060mlcs4.i586.rpm
 b09967e9b8e6fd62f43ce1594cb03b3b  corporate/4.0/i586/libwireshark0-1.0.15-0.1.20060mlcs4.i586.rpm
 c9094d5e890265b8d212ff520652a94e  corporate/4.0/i586/libwireshark-devel-1.0.15-0.1.20060mlcs4.i586.rpm
 57de461a9e939792d4d47a193db66414  corporate/4.0/i586/rawshark-1.0.15-0.1.20060mlcs4.i586.rpm
 470752a4722aa3579a021491a77f8a02  corporate/4.0/i586/tshark-1.0.15-0.1.20060mlcs4.i586.rpm
 629b138145e384e1769807442557997f  corporate/4.0/i586/wireshark-1.0.15-0.1.20060mlcs4.i586.rpm
 0543f4009f485a88228d6fbad0651006  corporate/4.0/i586/wireshark-tools-1.0.15-0.1.20060mlcs4.i586.rpm 
 c2a8777b9e91c10db49dcce4bc07ca8f  corporate/4.0/SRPMS/wireshark-1.0.15-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 4bcee5cf2b7789794b249a976ab1c090  corporate/4.0/x86_64/dumpcap-1.0.15-0.1.20060mlcs4.x86_64.rpm
 12b528fcebd6f308c9a07b7c8c2808ae  corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.1.20060mlcs4.x86_64.rpm
 03d8df3825ca8ec17eee0d7c1b8f0434  corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.1.20060mlcs4.x86_64.rpm
 3331e2e29508545cd1df845f90505e2e  corporate/4.0/x86_64/rawshark-1.0.15-0.1.20060mlcs4.x86_64.rpm
 4f3f7eea19272c34c9772750f7deabf8  corporate/4.0/x86_64/tshark-1.0.15-0.1.20060mlcs4.x86_64.rpm
 23b80b45cc197265f9de150663b92a2d  corporate/4.0/x86_64/wireshark-1.0.15-0.1.20060mlcs4.x86_64.rpm
 74099b44b693ff24f153ed3657885f75  corporate/4.0/x86_64/wireshark-tools-1.0.15-0.1.20060mlcs4.x86_64.rpm 
 c2a8777b9e91c10db49dcce4bc07ca8f  corporate/4.0/SRPMS/wireshark-1.0.15-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 dac13de131da417f6f5ee277ef29fdad  mes5/i586/dumpcap-1.0.15-0.1mdvmes5.1.i586.rpm
 0cff76874dc8a32453c83339525ab86a  mes5/i586/libwireshark0-1.0.15-0.1mdvmes5.1.i586.rpm
 26c12363682d353a4f092bbcef1c973d  mes5/i586/libwireshark-devel-1.0.15-0.1mdvmes5.1.i586.rpm
 a8ff72f2783addc89d70ac757a43e3c6  mes5/i586/rawshark-1.0.15-0.1mdvmes5.1.i586.rpm
 b6bcb8213a97f268bb8ff5399c98b90e  mes5/i586/tshark-1.0.15-0.1mdvmes5.1.i586.rpm
 b31e891b8f5e790da05c0e038c1dbda9  mes5/i586/wireshark-1.0.15-0.1mdvmes5.1.i586.rpm
 db8612a1102500e85dfba9c46b02d530  mes5/i586/wireshark-tools-1.0.15-0.1mdvmes5.1.i586.rpm 
 68633f05c02b2cc27640f3f07ae74979  mes5/SRPMS/wireshark-1.0.15-0.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 1ded87839c1efce910be6dd47b197a87  mes5/x86_64/dumpcap-1.0.15-0.1mdvmes5.1.x86_64.rpm
 d91facbb2261cc88e87d8d82bbba7018  mes5/x86_64/lib64wireshark0-1.0.15-0.1mdvmes5.1.x86_64.rpm
 507e512d9b34124e34b3f9f5d745e0a5  mes5/x86_64/lib64wireshark-devel-1.0.15-0.1mdvmes5.1.x86_64.rpm
 9ca6376417d980bd245f1a139e62cb34  mes5/x86_64/rawshark-1.0.15-0.1mdvmes5.1.x86_64.rpm
 e699c4729a8d0d707637e18435bc17e7  mes5/x86_64/tshark-1.0.15-0.1mdvmes5.1.x86_64.rpm
 0e3d4a033e45bf69aeba46bd0a489f4d  mes5/x86_64/wireshark-1.0.15-0.1mdvmes5.1.x86_64.rpm
 7e1adf1ecdd7b98a3354e13a7a38153f  mes5/x86_64/wireshark-tools-1.0.15-0.1mdvmes5.1.x86_64.rpm 
 68633f05c02b2cc27640f3f07ae74979  mes5/SRPMS/wireshark-1.0.15-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMWZb0mqjQ0CJFipgRArYLAKDq9FbR8zHVKVLeoNoS1v48TVS49QCffump
UUPIbAZauyz46bUJa0oUHLs=
=P0RR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ