Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2013:172 ] wireshark
From: security () mandriva com
Date: Wed, 12 Jun 2013 14:03:01 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:172
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : June 12, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in wireshark:
 
 * The ASN.1 BER dissector could crash (CVE-2013-3557).
 * The CAPWAP dissector could crash (CVE-2013-4074).
 * The HTTP dissector could overrun the stack (CVE-2013-4081).
 * The DCP ETSI dissector could crash (CVE-2013-4083).
 
 This advisory provides the latest version of Wireshark (1.6.16)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083
 http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
 http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 ee7dc085336b1112178dabcf9efcbfd6  mes5/i586/dumpcap-1.6.16-0.1mdvmes5.2.i586.rpm
 b3f0ee150e0cc4733bc6181784e3db0b  mes5/i586/libwireshark1-1.6.16-0.1mdvmes5.2.i586.rpm
 ae18d8a751ddf6d0197a7259d4958dd7  mes5/i586/libwireshark-devel-1.6.16-0.1mdvmes5.2.i586.rpm
 ce85c65696abc4a9112200d73334a2a0  mes5/i586/rawshark-1.6.16-0.1mdvmes5.2.i586.rpm
 9492d3e3dfccc7cc28b40558f2efc964  mes5/i586/tshark-1.6.16-0.1mdvmes5.2.i586.rpm
 bfb3a5facb92c41b43ec428b71bf6292  mes5/i586/wireshark-1.6.16-0.1mdvmes5.2.i586.rpm
 daefcf5e5f2e955df6bb39ce38f6adc2  mes5/i586/wireshark-tools-1.6.16-0.1mdvmes5.2.i586.rpm 
 13f53e174e10e8f7bf6b4896ea785067  mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 0e30acd436f428bf94164f2c2437ec37  mes5/x86_64/dumpcap-1.6.16-0.1mdvmes5.2.x86_64.rpm
 24515452924f9b39dac572d541eb7135  mes5/x86_64/lib64wireshark1-1.6.16-0.1mdvmes5.2.x86_64.rpm
 b29c2e1acb4bbdbeac5db892353c58a3  mes5/x86_64/lib64wireshark-devel-1.6.16-0.1mdvmes5.2.x86_64.rpm
 b86457579d9a945a5e1859186ae40d04  mes5/x86_64/rawshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
 2a5971317b64668b1a0492ef05288707  mes5/x86_64/tshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
 d22feab79bec9cd2dcffd339482cf8c2  mes5/x86_64/wireshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
 9b49117a0bcc4427bd5d725cd9c5152a  mes5/x86_64/wireshark-tools-1.6.16-0.1mdvmes5.2.x86_64.rpm 
 13f53e174e10e8f7bf6b4896ea785067  mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 2390468bd95bc55cf6380912c651df30  mbs1/x86_64/dumpcap-1.6.16-1.mbs1.x86_64.rpm
 1640e819389b89792aeb281daaad14b4  mbs1/x86_64/lib64wireshark1-1.6.16-1.mbs1.x86_64.rpm
 1c29c375c42970380dce6e30c6a59193  mbs1/x86_64/lib64wireshark-devel-1.6.16-1.mbs1.x86_64.rpm
 edde8d7961d033ac5d76678604d19548  mbs1/x86_64/rawshark-1.6.16-1.mbs1.x86_64.rpm
 4cbfe7fe1c7b27bb69fb6863d5db7f6b  mbs1/x86_64/tshark-1.6.16-1.mbs1.x86_64.rpm
 637924c40d0bff5b4149d2baa6a68f0d  mbs1/x86_64/wireshark-1.6.16-1.mbs1.x86_64.rpm
 5e7375e0d750820e503635794e6f2636  mbs1/x86_64/wireshark-tools-1.6.16-1.mbs1.x86_64.rpm 
 80a49547bf467b19038b4688a0aed2b3  mbs1/SRPMS/wireshark-1.6.16-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRuDfAmqjQ0CJFipgRAlYAAJwIpuOTE4GKqXJ9niV1xIIynwW/jwCdEhY/
JrhSt0wlpzW0Q1pgi4L6v7g=
=wYly
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2013:172 ] wireshark security (Jun 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]