Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDVSA-2011:164 ] wireshark
From: security () mandriva com
Date: Wed, 02 Nov 2011 15:31:00 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:164
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : November 2, 2011
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 This advisory updates wireshark to the latest version (1.6.3), fixing
 several security issues:
 
 An uninitialized variable in the CSN.1 dissector could cause a crash
 (CVE-2011-4100).
 
 Huzaifa Sidhpurwala of Red Hat Security Response Team discovered
 that the Infiniband dissector could dereference a NULL pointer
 (CVE-2011-4101).
 
 Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
 buffer overflow in the ERF file reader (CVE-2011-4102).
 
 The updated packages have been upgraded to the latest 1.6.x version
 (1.6.3) which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
 http://www.wireshark.org/security/wnpa-sec-2011-17.html
 http://www.wireshark.org/security/wnpa-sec-2011-18.html
 http://www.wireshark.org/security/wnpa-sec-2011-19.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 0b5ac9722ad8eab01e3806d308c3e5be  2011/i586/dumpcap-1.6.3-0.1-mdv2011.0.i586.rpm
 6e19c82aa19d8f3538454e791efda914  2011/i586/libwireshark1-1.6.3-0.1-mdv2011.0.i586.rpm
 a65286ff617109423a548d3af675ce25  2011/i586/libwireshark-devel-1.6.3-0.1-mdv2011.0.i586.rpm
 a1a8effdebd29e525f4069e22d689599  2011/i586/rawshark-1.6.3-0.1-mdv2011.0.i586.rpm
 1eae86f6dc50df492f9da0098eb889ae  2011/i586/tshark-1.6.3-0.1-mdv2011.0.i586.rpm
 a3a78552342edfb562c9019dbf223cca  2011/i586/wireshark-1.6.3-0.1-mdv2011.0.i586.rpm
 77e7f551ef26d0bc667118091c77059e  2011/i586/wireshark-tools-1.6.3-0.1-mdv2011.0.i586.rpm 
 62f46aea01740a89b0cd31baf9ac82a1  2011/SRPMS/wireshark-1.6.3-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 200c7fce5888bbd88badb78a757692df  2011/x86_64/dumpcap-1.6.3-0.1-mdv2011.0.x86_64.rpm
 2bbb9dd050ee7c7abf4022d67d886d41  2011/x86_64/lib64wireshark1-1.6.3-0.1-mdv2011.0.x86_64.rpm
 0fb9974d9a755593f5ec8977c22f25ac  2011/x86_64/lib64wireshark-devel-1.6.3-0.1-mdv2011.0.x86_64.rpm
 a16851c1d3f6444c6c8a2b0c56ad5570  2011/x86_64/rawshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
 14565aa0dbc8261a969b983f0a93aea3  2011/x86_64/tshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
 7257cfd3572e2fef8ee166abd3e7471f  2011/x86_64/wireshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
 b06e4710c4d0e21bcd367a67cc7f1fb4  2011/x86_64/wireshark-tools-1.6.3-0.1-mdv2011.0.x86_64.rpm 
 62f46aea01740a89b0cd31baf9ac82a1  2011/SRPMS/wireshark-1.6.3-0.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOsSnpmqjQ0CJFipgRAu0vAKDZN4pCvOqGm0kL1yqDacJXeUgbhQCfWBNx
FLThhT8zQa9eZYug6gzxREo=
=KSPx
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDVSA-2011:164 ] wireshark security (Nov 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]