BugTraq
[ MDVSA-2011:164 ] wireshark Nov 02 2011 02:31PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:164
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date : November 2, 2011
Affected: 2011.
_______________________________________________________________________

Problem Description:

This advisory updates wireshark to the latest version (1.6.3), fixing
several security issues:

An uninitialized variable in the CSN.1 dissector could cause a crash
(CVE-2011-4100).

Huzaifa Sidhpurwala of Red Hat Security Response Team discovered
that the Infiniband dissector could dereference a NULL pointer
(CVE-2011-4101).

Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader (CVE-2011-4102).

The updated packages have been upgraded to the latest 1.6.x version
(1.6.3) which is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
http://www.wireshark.org/security/wnpa-sec-2011-17.html
http://www.wireshark.org/security/wnpa-sec-2011-18.html
http://www.wireshark.org/security/wnpa-sec-2011-19.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
0b5ac9722ad8eab01e3806d308c3e5be 2011/i586/dumpcap-1.6.3-0.1-mdv2011.0.i586.rpm
6e19c82aa19d8f3538454e791efda914 2011/i586/libwireshark1-1.6.3-0.1-mdv2011.0.i586.rpm
a65286ff617109423a548d3af675ce25 2011/i586/libwireshark-devel-1.6.3-0.1-mdv2011.0.i586.rpm
a1a8effdebd29e525f4069e22d689599 2011/i586/rawshark-1.6.3-0.1-mdv2011.0.i586.rpm
1eae86f6dc50df492f9da0098eb889ae 2011/i586/tshark-1.6.3-0.1-mdv2011.0.i586.rpm
a3a78552342edfb562c9019dbf223cca 2011/i586/wireshark-1.6.3-0.1-mdv2011.0.i586.rpm
77e7f551ef26d0bc667118091c77059e 2011/i586/wireshark-tools-1.6.3-0.1-mdv2011.0.i586.rpm
62f46aea01740a89b0cd31baf9ac82a1 2011/SRPMS/wireshark-1.6.3-0.1.src.rpm

Mandriva Linux 2011/X86_64:
200c7fce5888bbd88badb78a757692df 2011/x86_64/dumpcap-1.6.3-0.1-mdv2011.0.x86_64.rpm
2bbb9dd050ee7c7abf4022d67d886d41 2011/x86_64/lib64wireshark1-1.6.3-0.1-mdv2011.0.x86_64.rpm
0fb9974d9a755593f5ec8977c22f25ac 2011/x86_64/lib64wireshark-devel-1.6.3-0.1-mdv2011.0.x86_64.rpm
a16851c1d3f6444c6c8a2b0c56ad5570 2011/x86_64/rawshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
14565aa0dbc8261a969b983f0a93aea3 2011/x86_64/tshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
7257cfd3572e2fef8ee166abd3e7471f 2011/x86_64/wireshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
b06e4710c4d0e21bcd367a67cc7f1fb4 2011/x86_64/wireshark-tools-1.6.3-0.1-mdv2011.0.x86_64.rpm
62f46aea01740a89b0cd31baf9ac82a1 2011/SRPMS/wireshark-1.6.3-0.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOsSnpmqjQ0CJFipgRAu0vAKDZN4pCvOqGm0kL1yqDacJXeUgbhQCfWBNx
FLThhT8zQa9eZYug6gzxREo=
=KSPx
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus