Message-Id: <E1P63iK-0001MK-SE@titan.mandriva.com>
Date: Wed, 13 Oct 2010 17:58:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:200 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:200
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : October 13, 2010
 Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 It was discovered that the ASN.1 BER dissector in wireshark was
 susceptible to a stack overflow (CVE-2010-3445).
 
 For 2010.0 and 2010.1, wireshark was upgraded to v1.2.12, which is not
 vulnerable to this issue; for CS4 and MES5 it was patched to resolve
 the vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
 http://www.wireshark.org/security/wnpa-sec-2010-11.html
 http://www.wireshark.org/security/wnpa-sec-2010-12.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 f40ac2df7d649771ca4436997815ff7d  2010.0/i586/dumpcap-1.2.12-0.1mdv2010.0.i586.rpm
 6b1ff44460cb8c2d13fe79a7727a7576  2010.0/i586/libwireshark0-1.2.12-0.1mdv2010.0.i586.rpm
 f1b70e6241c58b97fcaeb694801e939b  2010.0/i586/libwireshark-devel-1.2.12-0.1mdv2010.0.i586.rpm
 cd3df61a371dd1deccf8fd8fbca80aa7  2010.0/i586/rawshark-1.2.12-0.1mdv2010.0.i586.rpm
 960c3289f6e2185517161d9223476d97  2010.0/i586/tshark-1.2.12-0.1mdv2010.0.i586.rpm
 e46825ba00c144e3f4de545a7996c9ca  2010.0/i586/wireshark-1.2.12-0.1mdv2010.0.i586.rpm
 3c30f330037371e1d9f5abbe393e2950  2010.0/i586/wireshark-tools-1.2.12-0.1mdv2010.0.i586.rpm 
 c872e89346410766c482dbf846883e3c  2010.0/SRPMS/wireshark-1.2.12-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 92be514a497b7463a322d846e6b7e9f6  2010.0/x86_64/dumpcap-1.2.12-0.1mdv2010.0.x86_64.rpm
 90c09a2441ab754559cbd8ac8aff112c  2010.0/x86_64/lib64wireshark0-1.2.12-0.1mdv2010.0.x86_64.rpm
 779e8575d192294604fa65970edc5279  2010.0/x86_64/lib64wireshark-devel-1.2.12-0.1mdv2010.0.x86_64.rpm
 c7e58ccd2579d611b0cc30aeec55499f  2010.0/x86_64/rawshark-1.2.12-0.1mdv2010.0.x86_64.rpm
 5588757ab177b0992f0cef2a169fd922  2010.0/x86_64/tshark-1.2.12-0.1mdv2010.0.x86_64.rpm
 a5c953819a8ecbade91aa69a6a9ebf36  2010.0/x86_64/wireshark-1.2.12-0.1mdv2010.0.x86_64.rpm
 b2a51e06e507aab3af42db5bde28e6ea  2010.0/x86_64/wireshark-tools-1.2.12-0.1mdv2010.0.x86_64.rpm 
 c872e89346410766c482dbf846883e3c  2010.0/SRPMS/wireshark-1.2.12-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 5c62d199b162f3234aa1b6bcd1b762a2  2010.1/i586/dumpcap-1.2.12-0.1mdv2010.1.i586.rpm
 f471133514b535a05e3ff34f6d143249  2010.1/i586/libwireshark0-1.2.12-0.1mdv2010.1.i586.rpm
 a9a220bbe0b0f00cb3fd4346f3840e4d  2010.1/i586/libwireshark-devel-1.2.12-0.1mdv2010.1.i586.rpm
 21029c832b5e55cc7b1a560d1c94d364  2010.1/i586/rawshark-1.2.12-0.1mdv2010.1.i586.rpm
 f6669ac7083215d23bdaf60c3bff67c2  2010.1/i586/tshark-1.2.12-0.1mdv2010.1.i586.rpm
 3e81b5bcf9921fac5ac5c1faee72dd59  2010.1/i586/wireshark-1.2.12-0.1mdv2010.1.i586.rpm
 a7290eb217dd4b33b309ef6012d6495a  2010.1/i586/wireshark-tools-1.2.12-0.1mdv2010.1.i586.rpm 
 a163debb57786ad7e057be1adbc42dc6  2010.1/SRPMS/wireshark-1.2.12-0.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 7404e0d17a12cae4bc0eab808b4c7910  2010.1/x86_64/dumpcap-1.2.12-0.1mdv2010.1.x86_64.rpm
 4a11c3b558b22da2a4992f316e172b76  2010.1/x86_64/lib64wireshark0-1.2.12-0.1mdv2010.1.x86_64.rpm
 fd8be9700208d2de0deb68b4c52dbf29  2010.1/x86_64/lib64wireshark-devel-1.2.12-0.1mdv2010.1.x86_64.rpm
 5c55ed9782c1c621bd6fbbc26d4e5a4f  2010.1/x86_64/rawshark-1.2.12-0.1mdv2010.1.x86_64.rpm
 b03b323ea0bca097af95a375b644f0db  2010.1/x86_64/tshark-1.2.12-0.1mdv2010.1.x86_64.rpm
 ac8a98fba0778c3b6e605dc56d685137  2010.1/x86_64/wireshark-1.2.12-0.1mdv2010.1.x86_64.rpm
 0441430e34ea5dad2fe88367c2d49a4f  2010.1/x86_64/wireshark-tools-1.2.12-0.1mdv2010.1.x86_64.rpm 
 a163debb57786ad7e057be1adbc42dc6  2010.1/SRPMS/wireshark-1.2.12-0.1mdv2010.1.src.rpm

 Corporate 4.0:
 a1587f7fd3ad986b4c77b4fefc7cffe4  corporate/4.0/i586/dumpcap-1.0.15-0.2.20060mlcs4.i586.rpm
 b549bc8586bec1a9d39a52c483086a74  corporate/4.0/i586/libwireshark0-1.0.15-0.2.20060mlcs4.i586.rpm
 ad5189043e06c0ca244dadbef04713ae  corporate/4.0/i586/libwireshark-devel-1.0.15-0.2.20060mlcs4.i586.rpm
 12271d314116cbbcae2752103e2c2833  corporate/4.0/i586/rawshark-1.0.15-0.2.20060mlcs4.i586.rpm
 902578159f4ac5e1c6cb46b694abfbd6  corporate/4.0/i586/tshark-1.0.15-0.2.20060mlcs4.i586.rpm
 4ec8f9b9d98406b4b66058d187449447  corporate/4.0/i586/wireshark-1.0.15-0.2.20060mlcs4.i586.rpm
 457d599fcff364ff83f781536319bde0  corporate/4.0/i586/wireshark-tools-1.0.15-0.2.20060mlcs4.i586.rpm 
 237f35e28dde484145ea6818d3bdeb35  corporate/4.0/SRPMS/wireshark-1.0.15-0.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 d5ee916cf712de37c061b90dc428595b  corporate/4.0/x86_64/dumpcap-1.0.15-0.2.20060mlcs4.x86_64.rpm
 a78bdeb3a412fe624afbf370faa63ca2  corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.2.20060mlcs4.x86_64.rpm
 439edea75eb61a18236839c051927726  corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.2.20060mlcs4.x86_64.rpm
 933730b1bf446d96681e03bb7e8b77a9  corporate/4.0/x86_64/rawshark-1.0.15-0.2.20060mlcs4.x86_64.rpm
 cb576f13d3fe98af597c1174db94680e  corporate/4.0/x86_64/tshark-1.0.15-0.2.20060mlcs4.x86_64.rpm
 0dadd636756c86be73272a3e52eeb2b0  corporate/4.0/x86_64/wireshark-1.0.15-0.2.20060mlcs4.x86_64.rpm
 f166b39458ace00ab82b0bc3cb26d0d8  corporate/4.0/x86_64/wireshark-tools-1.0.15-0.2.20060mlcs4.x86_64.rpm 
 237f35e28dde484145ea6818d3bdeb35  corporate/4.0/SRPMS/wireshark-1.0.15-0.2.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 36fc3359d0837a4e99ddaa39c08fac14  mes5/i586/dumpcap-1.0.15-0.2mdvmes5.1.i586.rpm
 a7e80b330d95ce5a882d5b4cc3b9daa0  mes5/i586/libwireshark0-1.0.15-0.2mdvmes5.1.i586.rpm
 e91f395a7e1bf38997a5e7346129eca9  mes5/i586/libwireshark-devel-1.0.15-0.2mdvmes5.1.i586.rpm
 676221c2b1db8c1ea855adc6b6c2cdcd  mes5/i586/rawshark-1.0.15-0.2mdvmes5.1.i586.rpm
 6aa18b2c65a37449ee1b55f76b06c7b0  mes5/i586/tshark-1.0.15-0.2mdvmes5.1.i586.rpm
 e5c00d579270c2b83fdd0a4c0ab2dd41  mes5/i586/wireshark-1.0.15-0.2mdvmes5.1.i586.rpm
 26961535b9defa4cee65c2687772672d  mes5/i586/wireshark-tools-1.0.15-0.2mdvmes5.1.i586.rpm 
 15470206d4632a0ca26c1c8c4c54954b  mes5/SRPMS/wireshark-1.0.15-0.2mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 df38c30fed1ff3a5c4a53b7c27112bd5  mes5/x86_64/dumpcap-1.0.15-0.2mdvmes5.1.x86_64.rpm
 69e44cc6333a09c87a79dba552615be6  mes5/x86_64/lib64wireshark0-1.0.15-0.2mdvmes5.1.x86_64.rpm
 0f27ccfdac100c5761fb88528b3344a1  mes5/x86_64/lib64wireshark-devel-1.0.15-0.2mdvmes5.1.x86_64.rpm
 bd895bd6785072eb2773cadde01ea7ad  mes5/x86_64/rawshark-1.0.15-0.2mdvmes5.1.x86_64.rpm
 9a2438c11ba437ce0c7a4c6e919355ea  mes5/x86_64/tshark-1.0.15-0.2mdvmes5.1.x86_64.rpm
 ef30b0a1dd50d2d7c6ac7675c5188c0b  mes5/x86_64/wireshark-1.0.15-0.2mdvmes5.1.x86_64.rpm
 0c2f49379d8cc212b55612f9716507db  mes5/x86_64/wireshark-tools-1.0.15-0.2mdvmes5.1.x86_64.rpm 
 15470206d4632a0ca26c1c8c4c54954b  mes5/SRPMS/wireshark-1.0.15-0.2mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD4DBQFMtajhmqjQ0CJFipgRAvAaAJUW6eyGO4pIywGTJsg1MLRXwSMIAJ4qnAUp
m1kKVUlRRH2sOhg9V3Z/Iw==
=S/af
-----END PGP SIGNATURE-----
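
Added example, not part of the Mandriva advisory: a manual cross-check of downloaded packages against the "Updated Packages" list above, for cases where urpmi or MandrivaUpdate is not doing the verification. It assumes the RPMs sit in one local directory; the function names are hypothetical. An MD5 match only shows that a file agrees with the list, so the GPG signature check remains the authoritative one.

```python
import hashlib
import re
import sys
from pathlib import Path

# One manifest entry as printed in the advisory: 32 hex digits, whitespace,
# then the package path relative to the mirror root (trailing blanks allowed).
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")


def parse_manifest(advisory_text):
    """Return {package file name: md5 hex} from the advisory body."""
    expected = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headings, separators, prose
        digest, rel_path = m.groups()
        name = rel_path.rsplit("/", 1)[-1]
        # Each SRPM is listed once per architecture with the same digest;
        # two different digests for one name mean the list is inconsistent.
        if expected.setdefault(name, digest) != digest:
            raise ValueError("conflicting checksums for " + name)
    return expected


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_directory(advisory_text, directory):
    """Classify every *.rpm in directory as ok / mismatch / unlisted."""
    expected = parse_manifest(advisory_text)
    report = {"ok": [], "mismatch": [], "unlisted": []}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            report["unlisted"].append(rpm.name)  # not covered by this advisory
        else:
            report["ok" if md5_of(rpm) == want else "mismatch"].append(rpm.name)
    return report


if __name__ == "__main__":  # usage: script.py <saved advisory> <rpm directory>
    text = Path(sys.argv[1]).read_text()
    for status, names in check_directory(text, sys.argv[2]).items():
        print(status, *names)
```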
