| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Aug 2012 19:05:00 +0200 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2012:134 ] wireshark -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:134 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : August 16, 2012 Affected: 2011. _______________________________________________________________________ Problem Description: Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The MongoDB dissector could go into a large loop (CVE-2012-4287). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). This advisory provides the latest version of Wireshark (1.6.10) which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290 http://www.wireshark.org/security/wnpa-sec-2012-13.html http://www.wireshark.org/security/wnpa-sec-2012-14.html http://www.wireshark.org/security/wnpa-sec-2012-15.html http://www.wireshark.org/security/wnpa-sec-2012-17.html http://www.wireshark.org/security/wnpa-sec-2012-18.html http://www.wireshark.org/security/wnpa-sec-2012-19.html http://www.wireshark.org/security/wnpa-sec-2012-20.html http://www.wireshark.org/security/wnpa-sec-2012-21.html http://www.wireshark.org/security/wnpa-sec-2012-22.html http://www.wireshark.org/security/wnpa-sec-2012-23.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2011: 7f9b50d728f3677d600e2b3c5cf9e143 2011/i586/dumpcap-1.6.10-0.1-mdv2011.0.i586.rpm 41abd4e3174bc66135b63c3ce413cd8b 2011/i586/libwireshark1-1.6.10-0.1-mdv2011.0.i586.rpm a4bf1c8d7782a041943931e03b9ec697 2011/i586/libwireshark-devel-1.6.10-0.1-mdv2011.0.i586.rpm 4dbd471403d5fa43f773d451026927f3 2011/i586/rawshark-1.6.10-0.1-mdv2011.0.i586.rpm df238ceb7fce4e998831115aba7cb198 2011/i586/tshark-1.6.10-0.1-mdv2011.0.i586.rpm 15ee012ac6dcbc61c98e1e6cf9f81f33 2011/i586/wireshark-1.6.10-0.1-mdv2011.0.i586.rpm 3eb9c08e21a8d18c8fe2053112244260 2011/i586/wireshark-tools-1.6.10-0.1-mdv2011.0.i586.rpm 47f4c354b2c73e325e99d1f699d9b8c8 2011/SRPMS/wireshark-1.6.10-0.1.src.rpm Mandriva Linux 2011/X86_64: 0b3d330fc5721e9fe162d458aca0eb90 2011/x86_64/dumpcap-1.6.10-0.1-mdv2011.0.x86_64.rpm e2e642f3864a217f26d2f07ac0dc473a 2011/x86_64/lib64wireshark1-1.6.10-0.1-mdv2011.0.x86_64.rpm c73e6a0704ec32b2b10b2ec1dad3fa0b 2011/x86_64/lib64wireshark-devel-1.6.10-0.1-mdv2011.0.x86_64.rpm bdffe67b6ecf6a09035b74ba703def73 2011/x86_64/rawshark-1.6.10-0.1-mdv2011.0.x86_64.rpm 9bedf4907301f42a94c7c9ab9114a9c2 2011/x86_64/tshark-1.6.10-0.1-mdv2011.0.x86_64.rpm 9ea44005e04b88cbabe97d2ed75f2ed5 2011/x86_64/wireshark-1.6.10-0.1-mdv2011.0.x86_64.rpm 506b0f9a80fdc7482b185c543669e331 2011/x86_64/wireshark-tools-1.6.10-0.1-mdv2011.0.x86_64.rpm 47f4c354b2c73e325e99d1f699d9b8c8 2011/SRPMS/wireshark-1.6.10-0.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQLP0OmqjQ0CJFipgRAredAJ4n4f77/AyckPrhKd4P5Tp5AVfLBACdGkrI e6Lg3AKXEkL5++5eEhM1Q5M= =TjA3 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists