Mandriva Linux Security Advisory 2010-099 - This advisory updates wireshark to the latest version(s), fixing several bugs and one security issue. The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
281bec84e1a008e7b3ed08894ee4615be6aadec37e4c73f640238858909478e8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:099
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : May 18, 2010
Affected: 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
This advisory updates wireshark to the latest version(s), fixing
several bugs and one security issue:
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0
through 1.2.7 allows user-assisted remote attackers to cause a denial
of service (application crash) via a malformed packet trace file
(CVE-2010-1455).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1455
http://www.wireshark.org/security/wnpa-sec-2010-03.html
http://www.wireshark.org/security/wnpa-sec-2010-04.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
3427658b5fa7df10dfa9171fce88f274 2009.1/i586/dumpcap-1.0.13-0.1mdv2009.1.i586.rpm
95eaa9c7c7ac154903915192da011c30 2009.1/i586/libwireshark0-1.0.13-0.1mdv2009.1.i586.rpm
8ff6136b164403ef8723c79ba1c4fe9c 2009.1/i586/libwireshark-devel-1.0.13-0.1mdv2009.1.i586.rpm
a941891c51278956c8b09542fe38b316 2009.1/i586/rawshark-1.0.13-0.1mdv2009.1.i586.rpm
e7f5402a8b5ea82a517331662d052258 2009.1/i586/tshark-1.0.13-0.1mdv2009.1.i586.rpm
0766111a0a9343548634dabaa1d45532 2009.1/i586/wireshark-1.0.13-0.1mdv2009.1.i586.rpm
19a17a62a92d2c5b5333fd50b084b6af 2009.1/i586/wireshark-tools-1.0.13-0.1mdv2009.1.i586.rpm
8ab9c2e193eac4ae22d7d511a4090781 2009.1/SRPMS/wireshark-1.0.13-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
8f7794755f7c0eedc2b28e8418856360 2009.1/x86_64/dumpcap-1.0.13-0.1mdv2009.1.x86_64.rpm
e97ce630c1d3574081498ceb43a212b0 2009.1/x86_64/lib64wireshark0-1.0.13-0.1mdv2009.1.x86_64.rpm
35cc38b16123a19a98a2861b6e6bae54 2009.1/x86_64/lib64wireshark-devel-1.0.13-0.1mdv2009.1.x86_64.rpm
fa900f436680fcab9743efb8f0d22f51 2009.1/x86_64/rawshark-1.0.13-0.1mdv2009.1.x86_64.rpm
47a14ff044d80421e45dedb1b7efd8fd 2009.1/x86_64/tshark-1.0.13-0.1mdv2009.1.x86_64.rpm
a1876af79319c30d2b8566c5952588eb 2009.1/x86_64/wireshark-1.0.13-0.1mdv2009.1.x86_64.rpm
c4f1f8b8379ce70809273245444e0274 2009.1/x86_64/wireshark-tools-1.0.13-0.1mdv2009.1.x86_64.rpm
8ab9c2e193eac4ae22d7d511a4090781 2009.1/SRPMS/wireshark-1.0.13-0.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
2c5b85c0cb3e8221d600ea1c940d64c4 2010.0/i586/dumpcap-1.2.8-0.1mdv2010.0.i586.rpm
a85db0c4912c68d69a6e413a6746f3f2 2010.0/i586/libwireshark0-1.2.8-0.1mdv2010.0.i586.rpm
0e9fbb983c87fad49130ae895d967f18 2010.0/i586/libwireshark-devel-1.2.8-0.1mdv2010.0.i586.rpm
8145924953fb4978e6aac7f7a3350ad4 2010.0/i586/rawshark-1.2.8-0.1mdv2010.0.i586.rpm
91b4fe8fbd482e9c23c20cb94419b095 2010.0/i586/tshark-1.2.8-0.1mdv2010.0.i586.rpm
e2d9d1a05bb335b46c30436cc96c451b 2010.0/i586/wireshark-1.2.8-0.1mdv2010.0.i586.rpm
76267d68aef9aaa1eb0980313caf870e 2010.0/i586/wireshark-tools-1.2.8-0.1mdv2010.0.i586.rpm
06020dae672ccfa508fb2178ebebc40d 2010.0/SRPMS/wireshark-1.2.8-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
2586bb1431247188f3baa0defefaa56b 2010.0/x86_64/dumpcap-1.2.8-0.1mdv2010.0.x86_64.rpm
e90b861b4536d972a0aecd8872332ed6 2010.0/x86_64/lib64wireshark0-1.2.8-0.1mdv2010.0.x86_64.rpm
6659765951116ebf828767453770c894 2010.0/x86_64/lib64wireshark-devel-1.2.8-0.1mdv2010.0.x86_64.rpm
d4df009441f8298a31166051b856bbb6 2010.0/x86_64/rawshark-1.2.8-0.1mdv2010.0.x86_64.rpm
f6ca978a30455563574c7692c5761645 2010.0/x86_64/tshark-1.2.8-0.1mdv2010.0.x86_64.rpm
3f14e37aeba9563c97565450e3cff0c4 2010.0/x86_64/wireshark-1.2.8-0.1mdv2010.0.x86_64.rpm
ceb5d1d67c811a789f689b6c52c6b138 2010.0/x86_64/wireshark-tools-1.2.8-0.1mdv2010.0.x86_64.rpm
06020dae672ccfa508fb2178ebebc40d 2010.0/SRPMS/wireshark-1.2.8-0.1mdv2010.0.src.rpm
Corporate 4.0:
c4b2c595380a9ffecf99a9d5327d718d corporate/4.0/i586/dumpcap-1.0.13-0.1.20060mlcs4.i586.rpm
684237a417550abfb5cd737e4251209a corporate/4.0/i586/libwireshark0-1.0.13-0.1.20060mlcs4.i586.rpm
3bd58a1b9287347d442337893918134e corporate/4.0/i586/libwireshark-devel-1.0.13-0.1.20060mlcs4.i586.rpm
3b74b6610f9f4cbfdde3a91ecb1ad968 corporate/4.0/i586/rawshark-1.0.13-0.1.20060mlcs4.i586.rpm
5d51ba1b7f02a343c75a12832ca35ad8 corporate/4.0/i586/tshark-1.0.13-0.1.20060mlcs4.i586.rpm
82526ef77e651cf0b7c02a81c7a700c0 corporate/4.0/i586/wireshark-1.0.13-0.1.20060mlcs4.i586.rpm
dc716e950488d94feed96787f67be9c9 corporate/4.0/i586/wireshark-tools-1.0.13-0.1.20060mlcs4.i586.rpm
b97b0f6aa0d8c5642ac07436141c855d corporate/4.0/SRPMS/wireshark-1.0.13-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
2ec3496f75013772d6e9bdea6828c16f corporate/4.0/x86_64/dumpcap-1.0.13-0.1.20060mlcs4.x86_64.rpm
c0865dc441a4ec7c400ac058412cb032 corporate/4.0/x86_64/lib64wireshark0-1.0.13-0.1.20060mlcs4.x86_64.rpm
ec3f166d445b74f6e46e0c4bac4e6c62 corporate/4.0/x86_64/lib64wireshark-devel-1.0.13-0.1.20060mlcs4.x86_64.rpm
9d7cf63bbdd653cae0c798c208add461 corporate/4.0/x86_64/rawshark-1.0.13-0.1.20060mlcs4.x86_64.rpm
8df217351b953556dbfee0ea8b5ddf50 corporate/4.0/x86_64/tshark-1.0.13-0.1.20060mlcs4.x86_64.rpm
d53580174b0a15136052fd5669791667 corporate/4.0/x86_64/wireshark-1.0.13-0.1.20060mlcs4.x86_64.rpm
24ab0d2d38836f963606cfd8f7aa6232 corporate/4.0/x86_64/wireshark-tools-1.0.13-0.1.20060mlcs4.x86_64.rpm
b97b0f6aa0d8c5642ac07436141c855d corporate/4.0/SRPMS/wireshark-1.0.13-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
f865f10f62d8e5527f1f8524b9891c5e mes5/i586/dumpcap-1.0.13-0.1mdvmes5.1.i586.rpm
7bde53dbbc605a62b83e48e5a0bbde53 mes5/i586/libwireshark0-1.0.13-0.1mdvmes5.1.i586.rpm
7ecca1bf236e03022150f93092dd3ef7 mes5/i586/libwireshark-devel-1.0.13-0.1mdvmes5.1.i586.rpm
32bbd3675662dea150f915e1ee77ae17 mes5/i586/rawshark-1.0.13-0.1mdvmes5.1.i586.rpm
c072835fc21b9b36a5eb7d0761d288c7 mes5/i586/tshark-1.0.13-0.1mdvmes5.1.i586.rpm
b5fca6f651f1b81f0df15b5c71d9cdfb mes5/i586/wireshark-1.0.13-0.1mdvmes5.1.i586.rpm
d711e784319692510c6691594936d57e mes5/i586/wireshark-tools-1.0.13-0.1mdvmes5.1.i586.rpm
355ce77e75e6cf4f2f86e0824aeb81a2 mes5/SRPMS/wireshark-1.0.13-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
f997085cdfb83ec7b21a5096b3f7f655 mes5/x86_64/dumpcap-1.0.13-0.1mdvmes5.1.x86_64.rpm
586e93233e0596f188f3cf3400540db3 mes5/x86_64/lib64wireshark0-1.0.13-0.1mdvmes5.1.x86_64.rpm
101ac339faa3cb81e855eff790fc57b2 mes5/x86_64/lib64wireshark-devel-1.0.13-0.1mdvmes5.1.x86_64.rpm
a5bdef0bb8c7a95abc2a397acedf4c6b mes5/x86_64/rawshark-1.0.13-0.1mdvmes5.1.x86_64.rpm
20e38292613f404a59e1d0c7a459a7dc mes5/x86_64/tshark-1.0.13-0.1mdvmes5.1.x86_64.rpm
f60e210371f306a9d65032d0a9eebc74 mes5/x86_64/wireshark-1.0.13-0.1mdvmes5.1.x86_64.rpm
45a0c1e7597283105216f4a722d32854 mes5/x86_64/wireshark-tools-1.0.13-0.1mdvmes5.1.x86_64.rpm
355ce77e75e6cf4f2f86e0824aeb81a2 mes5/SRPMS/wireshark-1.0.13-0.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL8ratmqjQ0CJFipgRAh+GAJ9c5ildsVIRLxoBRyVh+7LWOc73VwCfZNL8
+N6HtVQiR7ONcm65k5tvU84=
=y6OA
-----END PGP SIGNATURE-----