Message-Id: <E1P63iK-0001MK-SE@titan.mandriva.com>
Date: Wed, 13 Oct 2010 17:58:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:200 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:200
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : October 13, 2010
Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
It was discovered that the ASN.1 BER dissector in wireshark was
susceptible to a stack overflow (CVE-2010-3445).
For 2010.0 and 2010.1, wireshark was upgraded to v1.2.12, which is not
vulnerable to this issue; for CS4 and MES5, wireshark was patched to
resolve the vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
http://www.wireshark.org/security/wnpa-sec-2010-11.html
http://www.wireshark.org/security/wnpa-sec-2010-12.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
Mandriva Linux 2010.0/X86_64:
Mandriva Linux 2010.1:
Mandriva Linux 2010.1/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
Mandriva Enterprise Server 5:
Mandriva Enterprise Server 5/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD4DBQFMtajhmqjQ0CJFipgRAvAaAJUW6eyGO4pIywGTJsg1MLRXwSMIAJ4qnAUp
m1kKVUlRRH2sOhg9V3Z/Iw==
=S/af
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/