lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Pdlua-0007vA-Gd@titan.mandriva.com>
Date: Fri, 14 Jan 2011 16:50:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:007 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:007
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : January 14, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in wireshark:
 
 Buffer overflow in the MAC-LTE dissector
 (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13
 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial
 of service (crash) and possibly execute arbitrary code via a large
 number of RARs (CVE-2011-0444).
 
 The updated packages have been upgraded to the latest version (1.2.14)
 which is not affected by this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 3a2f0ae73575edebf59af5cd0a990d5e  2010.0/i586/dumpcap-1.2.14-0.1mdv2010.0.i586.rpm
 5a1cac2e193ac88f79bcf2ed17325f49  2010.0/i586/libwireshark0-1.2.14-0.1mdv2010.0.i586.rpm
 08fd6b3b4bbad72921a242e94ecd0763  2010.0/i586/libwireshark-devel-1.2.14-0.1mdv2010.0.i586.rpm
 704293ddee33f12d3e2780d9c5f70eaa  2010.0/i586/rawshark-1.2.14-0.1mdv2010.0.i586.rpm
 9b4bb13cf3adfe6c6b9b4ec5a71bb747  2010.0/i586/tshark-1.2.14-0.1mdv2010.0.i586.rpm
 4304f98c8600d4a75b46557191c59d5c  2010.0/i586/wireshark-1.2.14-0.1mdv2010.0.i586.rpm
 b8be2c40e9b35ca5687be8bdf5cbc92e  2010.0/i586/wireshark-tools-1.2.14-0.1mdv2010.0.i586.rpm 
 0d6a391360c69ad056e53611b40cd791  2010.0/SRPMS/wireshark-1.2.14-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 2a81db424d352797b438b4501bc5b141  2010.0/x86_64/dumpcap-1.2.14-0.1mdv2010.0.x86_64.rpm
 cca932a82dc554d0534f0f02b2ccf8e3  2010.0/x86_64/lib64wireshark0-1.2.14-0.1mdv2010.0.x86_64.rpm
 ccdf660e37dcbed9256bf0be74495781  2010.0/x86_64/lib64wireshark-devel-1.2.14-0.1mdv2010.0.x86_64.rpm
 ccf5ba5f67ab88c7fe8c6db8ae43526a  2010.0/x86_64/rawshark-1.2.14-0.1mdv2010.0.x86_64.rpm
 0798e4c09151a21a7a33146cf146306e  2010.0/x86_64/tshark-1.2.14-0.1mdv2010.0.x86_64.rpm
 eb40a51beb7e55f81dd8ad0ee21bd5ef  2010.0/x86_64/wireshark-1.2.14-0.1mdv2010.0.x86_64.rpm
 0d770ab861c52d43a7ae422a65ac53ef  2010.0/x86_64/wireshark-tools-1.2.14-0.1mdv2010.0.x86_64.rpm 
 0d6a391360c69ad056e53611b40cd791  2010.0/SRPMS/wireshark-1.2.14-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 7de8db5688b998288ab369481eca35c0  2010.1/i586/dumpcap-1.2.14-0.1mdv2010.2.i586.rpm
 22a29bec1152910d35e35637fabb0f5c  2010.1/i586/libwireshark0-1.2.14-0.1mdv2010.2.i586.rpm
 06fa495e77df6be1e21371c1d4a315d2  2010.1/i586/libwireshark-devel-1.2.14-0.1mdv2010.2.i586.rpm
 53b3e0c48b0ab71dfc79984dce5bb358  2010.1/i586/rawshark-1.2.14-0.1mdv2010.2.i586.rpm
 90efaca0d453f9a78b1afe3e95ef98c1  2010.1/i586/tshark-1.2.14-0.1mdv2010.2.i586.rpm
 c44df29a8b5b47ad02bd3ff673686e86  2010.1/i586/wireshark-1.2.14-0.1mdv2010.2.i586.rpm
 de8b12c12a02924da1297d4c79de9309  2010.1/i586/wireshark-tools-1.2.14-0.1mdv2010.2.i586.rpm 
 31b07947f65c4e3c2bfbb8bcb415d6b5  2010.1/SRPMS/wireshark-1.2.14-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 ea65c3b7951494a52747af3d8f699810  2010.1/x86_64/dumpcap-1.2.14-0.1mdv2010.2.x86_64.rpm
 fa83276f456b101e30078ff25f352148  2010.1/x86_64/lib64wireshark0-1.2.14-0.1mdv2010.2.x86_64.rpm
 51467848acf4bfd385cdd82b5d8e7f9f  2010.1/x86_64/lib64wireshark-devel-1.2.14-0.1mdv2010.2.x86_64.rpm
 e19576e3fb9e9bff0b88697bf8d66a57  2010.1/x86_64/rawshark-1.2.14-0.1mdv2010.2.x86_64.rpm
 1c7064af60034bb8574c54e8ea23bab4  2010.1/x86_64/tshark-1.2.14-0.1mdv2010.2.x86_64.rpm
 b6e97be88b31556a8ad0ce1365723a82  2010.1/x86_64/wireshark-1.2.14-0.1mdv2010.2.x86_64.rpm
 b28c4a799e75bfdd3d3fd9995cbd2150  2010.1/x86_64/wireshark-tools-1.2.14-0.1mdv2010.2.x86_64.rpm 
 31b07947f65c4e3c2bfbb8bcb415d6b5  2010.1/SRPMS/wireshark-1.2.14-0.1mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNMEQymqjQ0CJFipgRAixrAKCRK+4bTIfUcUHICrmvBcXzu4SDFwCeOuK3
iNg1P9keaBpfxZ8hperQtUc=
=CY2n
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ