lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PbxqC-0002Ba-N3@titan.mandriva.com>
Date: Sun, 09 Jan 2011 17:10:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:002 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:002
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : January 9, 2011
 Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in wireshark:
 
 Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2
 allows remote attackers to cause a denial of service (application
 crash) or possibly execute arbitrary code via a crafted ENTTEC DMX
 packet with Run Length Encoding (RLE) compression (CVE-2010-4538).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4538
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 bc733c08820aaeb869510853a936e81d  2010.0/i586/dumpcap-1.2.13-0.2mdv2010.0.i586.rpm
 543b842a25a76844958dc6b5822ab9b3  2010.0/i586/libwireshark0-1.2.13-0.2mdv2010.0.i586.rpm
 25e6ff6cb7d93ca52944ab784fe51adb  2010.0/i586/libwireshark-devel-1.2.13-0.2mdv2010.0.i586.rpm
 e8c5adc49461e7b476dcd15aa44279d2  2010.0/i586/rawshark-1.2.13-0.2mdv2010.0.i586.rpm
 7902aa25976038ed531c9bcf1086d80e  2010.0/i586/tshark-1.2.13-0.2mdv2010.0.i586.rpm
 6bddcddb514176b40bba076e3a87ecc5  2010.0/i586/wireshark-1.2.13-0.2mdv2010.0.i586.rpm
 f1da516d547368c4eb67267fcad9f13c  2010.0/i586/wireshark-tools-1.2.13-0.2mdv2010.0.i586.rpm 
 d48996cd65bf829feac3b1be9437b9b2  2010.0/SRPMS/wireshark-1.2.13-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 fd74949f67e63a6541aab106f1da36a2  2010.0/x86_64/dumpcap-1.2.13-0.2mdv2010.0.x86_64.rpm
 d2c293bfb7a7e684421d223a93fd0a2a  2010.0/x86_64/lib64wireshark0-1.2.13-0.2mdv2010.0.x86_64.rpm
 fed557a7f9e380a34aa27e2c3866107e  2010.0/x86_64/lib64wireshark-devel-1.2.13-0.2mdv2010.0.x86_64.rpm
 f4e013762264086f2977d80a029e622c  2010.0/x86_64/rawshark-1.2.13-0.2mdv2010.0.x86_64.rpm
 574d2ae0ea7cc03acb1ef6fdf128a9c8  2010.0/x86_64/tshark-1.2.13-0.2mdv2010.0.x86_64.rpm
 0094e85af23bca41f9197883a3749c11  2010.0/x86_64/wireshark-1.2.13-0.2mdv2010.0.x86_64.rpm
 fdb2ce454bca05a9c011a4a346c7990e  2010.0/x86_64/wireshark-tools-1.2.13-0.2mdv2010.0.x86_64.rpm 
 d48996cd65bf829feac3b1be9437b9b2  2010.0/SRPMS/wireshark-1.2.13-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 4f783c8013eb197511fa44656892c360  2010.1/i586/dumpcap-1.2.13-0.2mdv2010.2.i586.rpm
 b595251355981467e57eaac04705e10f  2010.1/i586/libwireshark0-1.2.13-0.2mdv2010.2.i586.rpm
 0c126e731081d74be5da085039335b41  2010.1/i586/libwireshark-devel-1.2.13-0.2mdv2010.2.i586.rpm
 45d3877083d9ba4a8a31a46502b19a11  2010.1/i586/rawshark-1.2.13-0.2mdv2010.2.i586.rpm
 9af903c5c52f6ee2e5a7b49f46d38d36  2010.1/i586/tshark-1.2.13-0.2mdv2010.2.i586.rpm
 0af932c596158318e76356a8a64a60f5  2010.1/i586/wireshark-1.2.13-0.2mdv2010.2.i586.rpm
 20e3fa7c0053d16d4dded7175072aff7  2010.1/i586/wireshark-tools-1.2.13-0.2mdv2010.2.i586.rpm 
 fa7daaebdc834c6533b629869089360e  2010.1/SRPMS/wireshark-1.2.13-0.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 9a4befad02a67bbc57600ec789449b93  2010.1/x86_64/dumpcap-1.2.13-0.2mdv2010.2.x86_64.rpm
 66b07a62a38dceba28c5f88be7d76a4f  2010.1/x86_64/lib64wireshark0-1.2.13-0.2mdv2010.2.x86_64.rpm
 33b1458860858b102f92ae7a9645b71b  2010.1/x86_64/lib64wireshark-devel-1.2.13-0.2mdv2010.2.x86_64.rpm
 7dc782b29b48eb4954454faa51b304b8  2010.1/x86_64/rawshark-1.2.13-0.2mdv2010.2.x86_64.rpm
 80b0ba9340e85b7c6cd3ffb44235fc2a  2010.1/x86_64/tshark-1.2.13-0.2mdv2010.2.x86_64.rpm
 b79ac38efc78fff5b4b216b0082cb024  2010.1/x86_64/wireshark-1.2.13-0.2mdv2010.2.x86_64.rpm
 fa577a69f960dc1adee521b5b0d2edc6  2010.1/x86_64/wireshark-tools-1.2.13-0.2mdv2010.2.x86_64.rpm 
 fa7daaebdc834c6533b629869089360e  2010.1/SRPMS/wireshark-1.2.13-0.2mdv2010.2.src.rpm

 Corporate 4.0:
 cf1b0c56540fc63be852b7b9e81b8248  corporate/4.0/i586/dumpcap-1.0.15-0.3.20060mlcs4.i586.rpm
 b37f8b1d82a325de0eee152f575d91e5  corporate/4.0/i586/libwireshark0-1.0.15-0.3.20060mlcs4.i586.rpm
 04c10931d30614fd79b8b729d6eddf8a  corporate/4.0/i586/libwireshark-devel-1.0.15-0.3.20060mlcs4.i586.rpm
 eb947b7787649e06fece4ddd2ce46f46  corporate/4.0/i586/rawshark-1.0.15-0.3.20060mlcs4.i586.rpm
 2ae0cda63c643b39a94bb39d24c4eae9  corporate/4.0/i586/tshark-1.0.15-0.3.20060mlcs4.i586.rpm
 e5f6df03fd7b73a10c247fd7d4a2469d  corporate/4.0/i586/wireshark-1.0.15-0.3.20060mlcs4.i586.rpm
 9bbeab7bf3131c4a92773967dfe2f79d  corporate/4.0/i586/wireshark-tools-1.0.15-0.3.20060mlcs4.i586.rpm 
 ab6808d1bd5805c5827203eeb1f59cb7  corporate/4.0/SRPMS/wireshark-1.0.15-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7026144a75428a773a1a5ba5ee8c9c77  corporate/4.0/x86_64/dumpcap-1.0.15-0.3.20060mlcs4.x86_64.rpm
 b9bff7450139f13d4edfd7abec34a5d5  corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.3.20060mlcs4.x86_64.rpm
 81637e330c64e3278cc3b3b08e98c51f  corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.3.20060mlcs4.x86_64.rpm
 c49228f3107c7b1754ce67e3183bce6e  corporate/4.0/x86_64/rawshark-1.0.15-0.3.20060mlcs4.x86_64.rpm
 417fdae547f7dc97f219c29e47668690  corporate/4.0/x86_64/tshark-1.0.15-0.3.20060mlcs4.x86_64.rpm
 e6894c9c8eb0efd2716ce1b3bf819cd5  corporate/4.0/x86_64/wireshark-1.0.15-0.3.20060mlcs4.x86_64.rpm
 2211a4bafe98474c3e9b4cc5aa3723fa  corporate/4.0/x86_64/wireshark-tools-1.0.15-0.3.20060mlcs4.x86_64.rpm 
 ab6808d1bd5805c5827203eeb1f59cb7  corporate/4.0/SRPMS/wireshark-1.0.15-0.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 04a3d0056a82dbf60e2747fe92647362  mes5/i586/dumpcap-1.0.15-0.3mdvmes5.1.i586.rpm
 73cfae8f517c3b1052b7c29805fbfca2  mes5/i586/libwireshark0-1.0.15-0.3mdvmes5.1.i586.rpm
 7eb488244e7fb087381a19c23cbc805a  mes5/i586/libwireshark-devel-1.0.15-0.3mdvmes5.1.i586.rpm
 4e0dd1386498c875554478cd28055d67  mes5/i586/rawshark-1.0.15-0.3mdvmes5.1.i586.rpm
 3aa9c6a7cafaebc2fc82a9bfdacb1d77  mes5/i586/tshark-1.0.15-0.3mdvmes5.1.i586.rpm
 4af09e5e080a803568c8ebecce9625e4  mes5/i586/wireshark-1.0.15-0.3mdvmes5.1.i586.rpm
 8a48d8b50db85c6f1d7ac70b0c9735b0  mes5/i586/wireshark-tools-1.0.15-0.3mdvmes5.1.i586.rpm 
 27c89a4787c3d44cdf33411baf316a2d  mes5/SRPMS/wireshark-1.0.15-0.3mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e49bb9b67a68687f09b632950a9b5622  mes5/x86_64/dumpcap-1.0.15-0.3mdvmes5.1.x86_64.rpm
 f1050a9a9bd95b3f751aedaf78e613f4  mes5/x86_64/lib64wireshark0-1.0.15-0.3mdvmes5.1.x86_64.rpm
 f98e3ba015b1268296d86442939b0539  mes5/x86_64/lib64wireshark-devel-1.0.15-0.3mdvmes5.1.x86_64.rpm
 3a48f9623b86a873be763fe2fe17bf4c  mes5/x86_64/rawshark-1.0.15-0.3mdvmes5.1.x86_64.rpm
 62173e976799c3d64673e1225f966fae  mes5/x86_64/tshark-1.0.15-0.3mdvmes5.1.x86_64.rpm
 4a4d588321dc793d02e28f04b2585bc6  mes5/x86_64/wireshark-1.0.15-0.3mdvmes5.1.x86_64.rpm
 030dbec9dbecc8223e046c588c29b65c  mes5/x86_64/wireshark-tools-1.0.15-0.3mdvmes5.1.x86_64.rpm 
 27c89a4787c3d44cdf33411baf316a2d  mes5/SRPMS/wireshark-1.0.15-0.3mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNKa8/mqjQ0CJFipgRAriMAJ94nGyssh4RG2rrRU8L+gjEeBwKtQCg6F/L
8pq9ULLdvxbSY9FvCRdaJos=
=fLsc
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ