BugTraq
[ MDVSA-2014:159 ] wireshark Aug 08 2014 02:33PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:159
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : August 8, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in
wireshark:

* The Catapult DCT2000 and IrDA dissectors could underrun a buffer
(CVE-2014-5161, CVE-2014-5162).

* The GTP and GSM Management dissectors could crash (CVE-2014-5163).

* The RLC dissector could crash (CVE-2014-5164).

* The ASN.1 BER dissector could crash (CVE-2014-5165).

The updated packages have been upgraded to the 1.10.9 version where
these security flaws has been fixed.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165
https://www.wireshark.org/security/wnpa-sec-2014-08.html
https://www.wireshark.org/security/wnpa-sec-2014-09.html
https://www.wireshark.org/security/wnpa-sec-2014-10.html
https://www.wireshark.org/security/wnpa-sec-2014-11.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
24e40ed80d9445dbc612e3cef008fcb9 mbs1/x86_64/dumpcap-1.10.9-1.mbs1.x86_64.rpm
df4352153be18ce3ac44d7d881a3e8d4 mbs1/x86_64/lib64wireshark3-1.10.9-1.mbs1.x86_64.rpm
c15a267f427e2c75fe8a07daa1c3aa07 mbs1/x86_64/lib64wireshark-devel-1.10.9-1.mbs1.x86_64.rpm
bf302a093c6a0ec76981fb8bb87a38d1 mbs1/x86_64/lib64wiretap3-1.10.9-1.mbs1.x86_64.rpm
8fe8436f9a57e312b07b29af3bafe647 mbs1/x86_64/lib64wsutil3-1.10.9-1.mbs1.x86_64.rpm
60311fdcecbf510417290b4594299082 mbs1/x86_64/rawshark-1.10.9-1.mbs1.x86_64.rpm
6abddad19c35810e5df8390b47aa7046 mbs1/x86_64/tshark-1.10.9-1.mbs1.x86_64.rpm
b6eedad02d0fe68f696f8379f23b090c mbs1/x86_64/wireshark-1.10.9-1.mbs1.x86_64.rpm
fd5bbe1363461548a46652cb8b75e45c mbs1/x86_64/wireshark-tools-1.10.9-1.mbs1.x86_64.rpm
2da0d93d36fb5b30b27fc524399cf20e mbs1/SRPMS/wireshark-1.10.9-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFT5NGSmqjQ0CJFipgRAtCCAKD2BXHvASFNz/dQ2Qv9f8yr3DneUACgmJht
RqW08wYHGkDQVWZrzE4+m5o=
=zyXs
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus