[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PbxqC-0002Ba-N3@titan.mandriva.com>
Date: Sun, 09 Jan 2011 17:10:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:002 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:002
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : January 9, 2011
Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in wireshark:
Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted ENTTEC DMX
packet with Run Length Encoding (RLE) compression (CVE-2010-4538).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4538
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
bc733c08820aaeb869510853a936e81d 2010.0/i586/dumpcap-1.2.13-0.2mdv2010.0.i586.rpm
543b842a25a76844958dc6b5822ab9b3 2010.0/i586/libwireshark0-1.2.13-0.2mdv2010.0.i586.rpm
25e6ff6cb7d93ca52944ab784fe51adb 2010.0/i586/libwireshark-devel-1.2.13-0.2mdv2010.0.i586.rpm
e8c5adc49461e7b476dcd15aa44279d2 2010.0/i586/rawshark-1.2.13-0.2mdv2010.0.i586.rpm
7902aa25976038ed531c9bcf1086d80e 2010.0/i586/tshark-1.2.13-0.2mdv2010.0.i586.rpm
6bddcddb514176b40bba076e3a87ecc5 2010.0/i586/wireshark-1.2.13-0.2mdv2010.0.i586.rpm
f1da516d547368c4eb67267fcad9f13c 2010.0/i586/wireshark-tools-1.2.13-0.2mdv2010.0.i586.rpm
d48996cd65bf829feac3b1be9437b9b2 2010.0/SRPMS/wireshark-1.2.13-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
fd74949f67e63a6541aab106f1da36a2 2010.0/x86_64/dumpcap-1.2.13-0.2mdv2010.0.x86_64.rpm
d2c293bfb7a7e684421d223a93fd0a2a 2010.0/x86_64/lib64wireshark0-1.2.13-0.2mdv2010.0.x86_64.rpm
fed557a7f9e380a34aa27e2c3866107e 2010.0/x86_64/lib64wireshark-devel-1.2.13-0.2mdv2010.0.x86_64.rpm
f4e013762264086f2977d80a029e622c 2010.0/x86_64/rawshark-1.2.13-0.2mdv2010.0.x86_64.rpm
574d2ae0ea7cc03acb1ef6fdf128a9c8 2010.0/x86_64/tshark-1.2.13-0.2mdv2010.0.x86_64.rpm
0094e85af23bca41f9197883a3749c11 2010.0/x86_64/wireshark-1.2.13-0.2mdv2010.0.x86_64.rpm
fdb2ce454bca05a9c011a4a346c7990e 2010.0/x86_64/wireshark-tools-1.2.13-0.2mdv2010.0.x86_64.rpm
d48996cd65bf829feac3b1be9437b9b2 2010.0/SRPMS/wireshark-1.2.13-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
4f783c8013eb197511fa44656892c360 2010.1/i586/dumpcap-1.2.13-0.2mdv2010.2.i586.rpm
b595251355981467e57eaac04705e10f 2010.1/i586/libwireshark0-1.2.13-0.2mdv2010.2.i586.rpm
0c126e731081d74be5da085039335b41 2010.1/i586/libwireshark-devel-1.2.13-0.2mdv2010.2.i586.rpm
45d3877083d9ba4a8a31a46502b19a11 2010.1/i586/rawshark-1.2.13-0.2mdv2010.2.i586.rpm
9af903c5c52f6ee2e5a7b49f46d38d36 2010.1/i586/tshark-1.2.13-0.2mdv2010.2.i586.rpm
0af932c596158318e76356a8a64a60f5 2010.1/i586/wireshark-1.2.13-0.2mdv2010.2.i586.rpm
20e3fa7c0053d16d4dded7175072aff7 2010.1/i586/wireshark-tools-1.2.13-0.2mdv2010.2.i586.rpm
fa7daaebdc834c6533b629869089360e 2010.1/SRPMS/wireshark-1.2.13-0.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
9a4befad02a67bbc57600ec789449b93 2010.1/x86_64/dumpcap-1.2.13-0.2mdv2010.2.x86_64.rpm
66b07a62a38dceba28c5f88be7d76a4f 2010.1/x86_64/lib64wireshark0-1.2.13-0.2mdv2010.2.x86_64.rpm
33b1458860858b102f92ae7a9645b71b 2010.1/x86_64/lib64wireshark-devel-1.2.13-0.2mdv2010.2.x86_64.rpm
7dc782b29b48eb4954454faa51b304b8 2010.1/x86_64/rawshark-1.2.13-0.2mdv2010.2.x86_64.rpm
80b0ba9340e85b7c6cd3ffb44235fc2a 2010.1/x86_64/tshark-1.2.13-0.2mdv2010.2.x86_64.rpm
b79ac38efc78fff5b4b216b0082cb024 2010.1/x86_64/wireshark-1.2.13-0.2mdv2010.2.x86_64.rpm
fa577a69f960dc1adee521b5b0d2edc6 2010.1/x86_64/wireshark-tools-1.2.13-0.2mdv2010.2.x86_64.rpm
fa7daaebdc834c6533b629869089360e 2010.1/SRPMS/wireshark-1.2.13-0.2mdv2010.2.src.rpm
Corporate 4.0:
cf1b0c56540fc63be852b7b9e81b8248 corporate/4.0/i586/dumpcap-1.0.15-0.3.20060mlcs4.i586.rpm
b37f8b1d82a325de0eee152f575d91e5 corporate/4.0/i586/libwireshark0-1.0.15-0.3.20060mlcs4.i586.rpm
04c10931d30614fd79b8b729d6eddf8a corporate/4.0/i586/libwireshark-devel-1.0.15-0.3.20060mlcs4.i586.rpm
eb947b7787649e06fece4ddd2ce46f46 corporate/4.0/i586/rawshark-1.0.15-0.3.20060mlcs4.i586.rpm
2ae0cda63c643b39a94bb39d24c4eae9 corporate/4.0/i586/tshark-1.0.15-0.3.20060mlcs4.i586.rpm
e5f6df03fd7b73a10c247fd7d4a2469d corporate/4.0/i586/wireshark-1.0.15-0.3.20060mlcs4.i586.rpm
9bbeab7bf3131c4a92773967dfe2f79d corporate/4.0/i586/wireshark-tools-1.0.15-0.3.20060mlcs4.i586.rpm
ab6808d1bd5805c5827203eeb1f59cb7 corporate/4.0/SRPMS/wireshark-1.0.15-0.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7026144a75428a773a1a5ba5ee8c9c77 corporate/4.0/x86_64/dumpcap-1.0.15-0.3.20060mlcs4.x86_64.rpm
b9bff7450139f13d4edfd7abec34a5d5 corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.3.20060mlcs4.x86_64.rpm
81637e330c64e3278cc3b3b08e98c51f corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.3.20060mlcs4.x86_64.rpm
c49228f3107c7b1754ce67e3183bce6e corporate/4.0/x86_64/rawshark-1.0.15-0.3.20060mlcs4.x86_64.rpm
417fdae547f7dc97f219c29e47668690 corporate/4.0/x86_64/tshark-1.0.15-0.3.20060mlcs4.x86_64.rpm
e6894c9c8eb0efd2716ce1b3bf819cd5 corporate/4.0/x86_64/wireshark-1.0.15-0.3.20060mlcs4.x86_64.rpm
2211a4bafe98474c3e9b4cc5aa3723fa corporate/4.0/x86_64/wireshark-tools-1.0.15-0.3.20060mlcs4.x86_64.rpm
ab6808d1bd5805c5827203eeb1f59cb7 corporate/4.0/SRPMS/wireshark-1.0.15-0.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
04a3d0056a82dbf60e2747fe92647362 mes5/i586/dumpcap-1.0.15-0.3mdvmes5.1.i586.rpm
73cfae8f517c3b1052b7c29805fbfca2 mes5/i586/libwireshark0-1.0.15-0.3mdvmes5.1.i586.rpm
7eb488244e7fb087381a19c23cbc805a mes5/i586/libwireshark-devel-1.0.15-0.3mdvmes5.1.i586.rpm
4e0dd1386498c875554478cd28055d67 mes5/i586/rawshark-1.0.15-0.3mdvmes5.1.i586.rpm
3aa9c6a7cafaebc2fc82a9bfdacb1d77 mes5/i586/tshark-1.0.15-0.3mdvmes5.1.i586.rpm
4af09e5e080a803568c8ebecce9625e4 mes5/i586/wireshark-1.0.15-0.3mdvmes5.1.i586.rpm
8a48d8b50db85c6f1d7ac70b0c9735b0 mes5/i586/wireshark-tools-1.0.15-0.3mdvmes5.1.i586.rpm
27c89a4787c3d44cdf33411baf316a2d mes5/SRPMS/wireshark-1.0.15-0.3mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
e49bb9b67a68687f09b632950a9b5622 mes5/x86_64/dumpcap-1.0.15-0.3mdvmes5.1.x86_64.rpm
f1050a9a9bd95b3f751aedaf78e613f4 mes5/x86_64/lib64wireshark0-1.0.15-0.3mdvmes5.1.x86_64.rpm
f98e3ba015b1268296d86442939b0539 mes5/x86_64/lib64wireshark-devel-1.0.15-0.3mdvmes5.1.x86_64.rpm
3a48f9623b86a873be763fe2fe17bf4c mes5/x86_64/rawshark-1.0.15-0.3mdvmes5.1.x86_64.rpm
62173e976799c3d64673e1225f966fae mes5/x86_64/tshark-1.0.15-0.3mdvmes5.1.x86_64.rpm
4a4d588321dc793d02e28f04b2585bc6 mes5/x86_64/wireshark-1.0.15-0.3mdvmes5.1.x86_64.rpm
030dbec9dbecc8223e046c588c29b65c mes5/x86_64/wireshark-tools-1.0.15-0.3mdvmes5.1.x86_64.rpm
27c89a4787c3d44cdf33411baf316a2d mes5/SRPMS/wireshark-1.0.15-0.3mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNKa8/mqjQ0CJFipgRAriMAJ94nGyssh4RG2rrRU8L+gjEeBwKtQCg6F/L
8pq9ULLdvxbSY9FvCRdaJos=
=fLsc
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists