BugTraq
[ MDVSA-2011:007 ] wireshark Jan 14 2011 03:50PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:007
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date : January 14, 2011
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in wireshark:

Buffer overflow in the MAC-LTE dissector
(epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13
and 1.4.0 through 1.4.2 allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a large
number of RARs (CVE-2011-0444).

The updated packages have been upgraded to the latest version (1.2.14)
which is not affected by this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
3a2f0ae73575edebf59af5cd0a990d5e 2010.0/i586/dumpcap-1.2.14-0.1mdv2010.0.i586.rpm
5a1cac2e193ac88f79bcf2ed17325f49 2010.0/i586/libwireshark0-1.2.14-0.1mdv2010.0.i586.rpm
08fd6b3b4bbad72921a242e94ecd0763 2010.0/i586/libwireshark-devel-1.2.14-0.1mdv2010.0.i586.rpm
704293ddee33f12d3e2780d9c5f70eaa 2010.0/i586/rawshark-1.2.14-0.1mdv2010.0.i586.rpm
9b4bb13cf3adfe6c6b9b4ec5a71bb747 2010.0/i586/tshark-1.2.14-0.1mdv2010.0.i586.rpm
4304f98c8600d4a75b46557191c59d5c 2010.0/i586/wireshark-1.2.14-0.1mdv2010.0.i586.rpm
b8be2c40e9b35ca5687be8bdf5cbc92e 2010.0/i586/wireshark-tools-1.2.14-0.1mdv2010.0.i586.rpm
0d6a391360c69ad056e53611b40cd791 2010.0/SRPMS/wireshark-1.2.14-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
2a81db424d352797b438b4501bc5b141 2010.0/x86_64/dumpcap-1.2.14-0.1mdv2010.0.x86_64.rpm
cca932a82dc554d0534f0f02b2ccf8e3 2010.0/x86_64/lib64wireshark0-1.2.14-0.1mdv2010.0.x86_64.rpm
ccdf660e37dcbed9256bf0be74495781 2010.0/x86_64/lib64wireshark-devel-1.2.14-0.1mdv2010.0.x86_64.rpm
ccf5ba5f67ab88c7fe8c6db8ae43526a 2010.0/x86_64/rawshark-1.2.14-0.1mdv2010.0.x86_64.rpm
0798e4c09151a21a7a33146cf146306e 2010.0/x86_64/tshark-1.2.14-0.1mdv2010.0.x86_64.rpm
eb40a51beb7e55f81dd8ad0ee21bd5ef 2010.0/x86_64/wireshark-1.2.14-0.1mdv2010.0.x86_64.rpm
0d770ab861c52d43a7ae422a65ac53ef 2010.0/x86_64/wireshark-tools-1.2.14-0.1mdv2010.0.x86_64.rpm
0d6a391360c69ad056e53611b40cd791 2010.0/SRPMS/wireshark-1.2.14-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
7de8db5688b998288ab369481eca35c0 2010.1/i586/dumpcap-1.2.14-0.1mdv2010.2.i586.rpm
22a29bec1152910d35e35637fabb0f5c 2010.1/i586/libwireshark0-1.2.14-0.1mdv2010.2.i586.rpm
06fa495e77df6be1e21371c1d4a315d2 2010.1/i586/libwireshark-devel-1.2.14-0.1mdv2010.2.i586.rpm
53b3e0c48b0ab71dfc79984dce5bb358 2010.1/i586/rawshark-1.2.14-0.1mdv2010.2.i586.rpm
90efaca0d453f9a78b1afe3e95ef98c1 2010.1/i586/tshark-1.2.14-0.1mdv2010.2.i586.rpm
c44df29a8b5b47ad02bd3ff673686e86 2010.1/i586/wireshark-1.2.14-0.1mdv2010.2.i586.rpm
de8b12c12a02924da1297d4c79de9309 2010.1/i586/wireshark-tools-1.2.14-0.1mdv2010.2.i586.rpm
31b07947f65c4e3c2bfbb8bcb415d6b5 2010.1/SRPMS/wireshark-1.2.14-0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
ea65c3b7951494a52747af3d8f699810 2010.1/x86_64/dumpcap-1.2.14-0.1mdv2010.2.x86_64.rpm
fa83276f456b101e30078ff25f352148 2010.1/x86_64/lib64wireshark0-1.2.14-0.1mdv2010.2.x86_64.rpm
51467848acf4bfd385cdd82b5d8e7f9f 2010.1/x86_64/lib64wireshark-devel-1.2.14-0.1mdv2010.2.x86_64.rpm
e19576e3fb9e9bff0b88697bf8d66a57 2010.1/x86_64/rawshark-1.2.14-0.1mdv2010.2.x86_64.rpm
1c7064af60034bb8574c54e8ea23bab4 2010.1/x86_64/tshark-1.2.14-0.1mdv2010.2.x86_64.rpm
b6e97be88b31556a8ad0ce1365723a82 2010.1/x86_64/wireshark-1.2.14-0.1mdv2010.2.x86_64.rpm
b28c4a799e75bfdd3d3fd9995cbd2150 2010.1/x86_64/wireshark-tools-1.2.14-0.1mdv2010.2.x86_64.rpm
31b07947f65c4e3c2bfbb8bcb415d6b5 2010.1/SRPMS/wireshark-1.2.14-0.1mdv2010.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNMEQymqjQ0CJFipgRAixrAKCRK+4bTIfUcUHICrmvBcXzu4SDFwCeOuK3
iNg1P9keaBpfxZ8hperQtUc=
=CY2n
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus