Message-Id: <E1T23VF-0005ng-B2@titan.mandriva.com>
Date: Thu, 16 Aug 2012 19:05:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:134 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:134
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : August 16, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were found and corrected in Wireshark:
 
 The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
 
 The MongoDB dissector could go into a large loop (CVE-2012-4287).
 
 The XTP dissector could go into an infinite loop (CVE-2012-4288).
 
 The AFP dissector could go into a large loop (CVE-2012-4289).
 
 The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
 
 The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
 
 The CIP dissector could exhaust system memory (CVE-2012-4291).
 
 The STUN dissector could crash (CVE-2012-4292).
 
 The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
 
 The CTDB dissector could go into a large loop (CVE-2012-4290).
 
 This advisory provides the latest version of Wireshark (1.6.10)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
 http://www.wireshark.org/security/wnpa-sec-2012-13.html
 http://www.wireshark.org/security/wnpa-sec-2012-14.html
 http://www.wireshark.org/security/wnpa-sec-2012-15.html
 http://www.wireshark.org/security/wnpa-sec-2012-17.html
 http://www.wireshark.org/security/wnpa-sec-2012-18.html
 http://www.wireshark.org/security/wnpa-sec-2012-19.html
 http://www.wireshark.org/security/wnpa-sec-2012-20.html
 http://www.wireshark.org/security/wnpa-sec-2012-21.html
 http://www.wireshark.org/security/wnpa-sec-2012-22.html
 http://www.wireshark.org/security/wnpa-sec-2012-23.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 7f9b50d728f3677d600e2b3c5cf9e143  2011/i586/dumpcap-1.6.10-0.1-mdv2011.0.i586.rpm
 41abd4e3174bc66135b63c3ce413cd8b  2011/i586/libwireshark1-1.6.10-0.1-mdv2011.0.i586.rpm
 a4bf1c8d7782a041943931e03b9ec697  2011/i586/libwireshark-devel-1.6.10-0.1-mdv2011.0.i586.rpm
 4dbd471403d5fa43f773d451026927f3  2011/i586/rawshark-1.6.10-0.1-mdv2011.0.i586.rpm
 df238ceb7fce4e998831115aba7cb198  2011/i586/tshark-1.6.10-0.1-mdv2011.0.i586.rpm
 15ee012ac6dcbc61c98e1e6cf9f81f33  2011/i586/wireshark-1.6.10-0.1-mdv2011.0.i586.rpm
 3eb9c08e21a8d18c8fe2053112244260  2011/i586/wireshark-tools-1.6.10-0.1-mdv2011.0.i586.rpm 
 47f4c354b2c73e325e99d1f699d9b8c8  2011/SRPMS/wireshark-1.6.10-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 0b3d330fc5721e9fe162d458aca0eb90  2011/x86_64/dumpcap-1.6.10-0.1-mdv2011.0.x86_64.rpm
 e2e642f3864a217f26d2f07ac0dc473a  2011/x86_64/lib64wireshark1-1.6.10-0.1-mdv2011.0.x86_64.rpm
 c73e6a0704ec32b2b10b2ec1dad3fa0b  2011/x86_64/lib64wireshark-devel-1.6.10-0.1-mdv2011.0.x86_64.rpm
 bdffe67b6ecf6a09035b74ba703def73  2011/x86_64/rawshark-1.6.10-0.1-mdv2011.0.x86_64.rpm
 9bedf4907301f42a94c7c9ab9114a9c2  2011/x86_64/tshark-1.6.10-0.1-mdv2011.0.x86_64.rpm
 9ea44005e04b88cbabe97d2ed75f2ed5  2011/x86_64/wireshark-1.6.10-0.1-mdv2011.0.x86_64.rpm
 506b0f9a80fdc7482b185c543669e331  2011/x86_64/wireshark-tools-1.6.10-0.1-mdv2011.0.x86_64.rpm 
 47f4c354b2c73e325e99d1f699d9b8c8  2011/SRPMS/wireshark-1.6.10-0.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQLP0OmqjQ0CJFipgRAredAJ4n4f77/AyckPrhKd4P5Tp5AVfLBACdGkrI
e6Lg3AKXEkL5++5eEhM1Q5M=
=TjA3
-----END PGP SIGNATURE-----
