[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UmjlV-00072Q-An@titan.mandriva.com>
Date: Wed, 12 Jun 2013 14:03:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:172 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:172
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : wireshark
Date : June 12, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in wireshark:
* The ASN.1 BER dissector could crash (CVE-2013-3557).
* The CAPWAP dissector could crash (CVE-2013-4074).
* The HTTP dissector could overrun the stack (CVE-2013-4081).
* The DCP ETSI dissector could crash (CVE-2013-4083).
This advisory provides the latest version of Wireshark (1.6.16)
which is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083
http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
ee7dc085336b1112178dabcf9efcbfd6 mes5/i586/dumpcap-1.6.16-0.1mdvmes5.2.i586.rpm
b3f0ee150e0cc4733bc6181784e3db0b mes5/i586/libwireshark1-1.6.16-0.1mdvmes5.2.i586.rpm
ae18d8a751ddf6d0197a7259d4958dd7 mes5/i586/libwireshark-devel-1.6.16-0.1mdvmes5.2.i586.rpm
ce85c65696abc4a9112200d73334a2a0 mes5/i586/rawshark-1.6.16-0.1mdvmes5.2.i586.rpm
9492d3e3dfccc7cc28b40558f2efc964 mes5/i586/tshark-1.6.16-0.1mdvmes5.2.i586.rpm
bfb3a5facb92c41b43ec428b71bf6292 mes5/i586/wireshark-1.6.16-0.1mdvmes5.2.i586.rpm
daefcf5e5f2e955df6bb39ce38f6adc2 mes5/i586/wireshark-tools-1.6.16-0.1mdvmes5.2.i586.rpm
13f53e174e10e8f7bf6b4896ea785067 mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
0e30acd436f428bf94164f2c2437ec37 mes5/x86_64/dumpcap-1.6.16-0.1mdvmes5.2.x86_64.rpm
24515452924f9b39dac572d541eb7135 mes5/x86_64/lib64wireshark1-1.6.16-0.1mdvmes5.2.x86_64.rpm
b29c2e1acb4bbdbeac5db892353c58a3 mes5/x86_64/lib64wireshark-devel-1.6.16-0.1mdvmes5.2.x86_64.rpm
b86457579d9a945a5e1859186ae40d04 mes5/x86_64/rawshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
2a5971317b64668b1a0492ef05288707 mes5/x86_64/tshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
d22feab79bec9cd2dcffd339482cf8c2 mes5/x86_64/wireshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
9b49117a0bcc4427bd5d725cd9c5152a mes5/x86_64/wireshark-tools-1.6.16-0.1mdvmes5.2.x86_64.rpm
13f53e174e10e8f7bf6b4896ea785067 mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
2390468bd95bc55cf6380912c651df30 mbs1/x86_64/dumpcap-1.6.16-1.mbs1.x86_64.rpm
1640e819389b89792aeb281daaad14b4 mbs1/x86_64/lib64wireshark1-1.6.16-1.mbs1.x86_64.rpm
1c29c375c42970380dce6e30c6a59193 mbs1/x86_64/lib64wireshark-devel-1.6.16-1.mbs1.x86_64.rpm
edde8d7961d033ac5d76678604d19548 mbs1/x86_64/rawshark-1.6.16-1.mbs1.x86_64.rpm
4cbfe7fe1c7b27bb69fb6863d5db7f6b mbs1/x86_64/tshark-1.6.16-1.mbs1.x86_64.rpm
637924c40d0bff5b4149d2baa6a68f0d mbs1/x86_64/wireshark-1.6.16-1.mbs1.x86_64.rpm
5e7375e0d750820e503635794e6f2636 mbs1/x86_64/wireshark-tools-1.6.16-1.mbs1.x86_64.rpm
80a49547bf467b19038b4688a0aed2b3 mbs1/SRPMS/wireshark-1.6.16-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRuDfAmqjQ0CJFipgRAlYAAJwIpuOTE4GKqXJ9niV1xIIynwW/jwCdEhY/
JrhSt0wlpzW0Q1pgi4L6v7g=
=wYly
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists