Mandriva Linux Security Advisory 2010-144 - This advisory updates wireshark to the latest version, fixing several security issues. Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
e570e54e48a48cb5fe83cd878878f419ff1ee72b45742b2429ac1460653cede2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:144
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : August 4, 2010
Affected: 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
This advisory updates wireshark to the latest version(s), fixing
several security issues:
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through
1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack
vectors (CVE-2010-2284).
Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
has unknown impact and remote attack vectors (CVE-2010-2287).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287
http://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
649929b220accc84d3a09cec3f4d16c6 2009.1/i586/dumpcap-1.0.15-0.1mdv2009.1.i586.rpm
fe9ac34bb04cdaf07928f48e6c504842 2009.1/i586/libwireshark0-1.0.15-0.1mdv2009.1.i586.rpm
853c3a49e0ba23ca7c8a792a3666fb82 2009.1/i586/libwireshark-devel-1.0.15-0.1mdv2009.1.i586.rpm
809535583954ce35bf8992d6213aeaf7 2009.1/i586/rawshark-1.0.15-0.1mdv2009.1.i586.rpm
285be0f4b537006e9005aaf40cd384d2 2009.1/i586/tshark-1.0.15-0.1mdv2009.1.i586.rpm
392f629afb206556394be294f789e1da 2009.1/i586/wireshark-1.0.15-0.1mdv2009.1.i586.rpm
e6c10b3275d1fec0706f459d8fd0df80 2009.1/i586/wireshark-tools-1.0.15-0.1mdv2009.1.i586.rpm
6cf37803deacd414442d0c14579ecbdd 2009.1/SRPMS/wireshark-1.0.15-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
58e8f5a39b7be3e0869899f94ce28df7 2009.1/x86_64/dumpcap-1.0.15-0.1mdv2009.1.x86_64.rpm
5a57f2f2921189c3c1c87ebc91fced9f 2009.1/x86_64/lib64wireshark0-1.0.15-0.1mdv2009.1.x86_64.rpm
270aed9d53b55438c8f0652cc8d56b72 2009.1/x86_64/lib64wireshark-devel-1.0.15-0.1mdv2009.1.x86_64.rpm
566568bc35889d4c82c3db488c4ec64e 2009.1/x86_64/rawshark-1.0.15-0.1mdv2009.1.x86_64.rpm
064cf822bbf4974f1b7428b43c7b6709 2009.1/x86_64/tshark-1.0.15-0.1mdv2009.1.x86_64.rpm
590c5e18004ed458158aedfb9019a535 2009.1/x86_64/wireshark-1.0.15-0.1mdv2009.1.x86_64.rpm
28855b853115f2ca4c2b89a39d901271 2009.1/x86_64/wireshark-tools-1.0.15-0.1mdv2009.1.x86_64.rpm
6cf37803deacd414442d0c14579ecbdd 2009.1/SRPMS/wireshark-1.0.15-0.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
f286bf9a609d4a4bc4b45a87d1ee3910 2010.0/i586/dumpcap-1.2.10-0.1mdv2010.0.i586.rpm
fe875ffdd62c4bc02171c749a55b0d5e 2010.0/i586/libwireshark0-1.2.10-0.1mdv2010.0.i586.rpm
02b337d9f05512076a7a7ae992329428 2010.0/i586/libwireshark-devel-1.2.10-0.1mdv2010.0.i586.rpm
1ea873e0ffde43399344e4c4fd32ad51 2010.0/i586/rawshark-1.2.10-0.1mdv2010.0.i586.rpm
33123c074f901ff4eefcab2d8a8331cd 2010.0/i586/tshark-1.2.10-0.1mdv2010.0.i586.rpm
b6d104b10caa14e34aae52877c334631 2010.0/i586/wireshark-1.2.10-0.1mdv2010.0.i586.rpm
a81812f5bee2ff7a5882e15e799cf143 2010.0/i586/wireshark-tools-1.2.10-0.1mdv2010.0.i586.rpm
bfdc0eda31ac02b624cb3e29c10a80fc 2010.0/SRPMS/wireshark-1.2.10-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
4648788496bbe490cc2b2f16028421e5 2010.0/x86_64/dumpcap-1.2.10-0.1mdv2010.0.x86_64.rpm
16e5d6c2c4e0d4e65cd6f5e1bab329c9 2010.0/x86_64/lib64wireshark0-1.2.10-0.1mdv2010.0.x86_64.rpm
94444fadfd5d95ec04e15fd0ef77d655 2010.0/x86_64/lib64wireshark-devel-1.2.10-0.1mdv2010.0.x86_64.rpm
d48c90be3918a12615aa708f9e7c1f8e 2010.0/x86_64/rawshark-1.2.10-0.1mdv2010.0.x86_64.rpm
91cf1c3076a776d176455a0a721f7561 2010.0/x86_64/tshark-1.2.10-0.1mdv2010.0.x86_64.rpm
fa58a0335a911ca507bbee371cf8ce8c 2010.0/x86_64/wireshark-1.2.10-0.1mdv2010.0.x86_64.rpm
aa5cb120bc78e48491849ac8b5ea224c 2010.0/x86_64/wireshark-tools-1.2.10-0.1mdv2010.0.x86_64.rpm
bfdc0eda31ac02b624cb3e29c10a80fc 2010.0/SRPMS/wireshark-1.2.10-0.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
40c7b0ba7f02da73e6904840e4861ea0 2010.1/i586/dumpcap-1.2.10-0.1mdv2010.1.i586.rpm
26e9032812ac8f0ab0291eb690f99375 2010.1/i586/libwireshark0-1.2.10-0.1mdv2010.1.i586.rpm
2f0989489127e31859270f49bf75b2b8 2010.1/i586/libwireshark-devel-1.2.10-0.1mdv2010.1.i586.rpm
e261ff676225ab54a491cda5e6db6c88 2010.1/i586/rawshark-1.2.10-0.1mdv2010.1.i586.rpm
c49509969104228248717279ad9a5f99 2010.1/i586/tshark-1.2.10-0.1mdv2010.1.i586.rpm
a1eb4bae12bde6f1d3c4d6c7640b7b8d 2010.1/i586/wireshark-1.2.10-0.1mdv2010.1.i586.rpm
cae58096d8cd4c5c09a776a1752a824f 2010.1/i586/wireshark-tools-1.2.10-0.1mdv2010.1.i586.rpm
bb0b88dadd21016dd0eb5658eb1409d1 2010.1/SRPMS/wireshark-1.2.10-0.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
75a844c34042e0025a7b3246b4d8afd5 2010.1/x86_64/dumpcap-1.2.10-0.1mdv2010.1.x86_64.rpm
bbb7a7f9645e6e357b9729c7b153f286 2010.1/x86_64/lib64wireshark0-1.2.10-0.1mdv2010.1.x86_64.rpm
206509108a6bc75f90a9d926981aa810 2010.1/x86_64/lib64wireshark-devel-1.2.10-0.1mdv2010.1.x86_64.rpm
bd90e8eaca22e75ec4be1e9f2d6286d7 2010.1/x86_64/rawshark-1.2.10-0.1mdv2010.1.x86_64.rpm
d097aa15ee120fdf9759933e6e6e2d42 2010.1/x86_64/tshark-1.2.10-0.1mdv2010.1.x86_64.rpm
b33aadf34dcc47717f65b0ca05aba65e 2010.1/x86_64/wireshark-1.2.10-0.1mdv2010.1.x86_64.rpm
b58853ddf4fd87201ca363f58f0a66a8 2010.1/x86_64/wireshark-tools-1.2.10-0.1mdv2010.1.x86_64.rpm
bb0b88dadd21016dd0eb5658eb1409d1 2010.1/SRPMS/wireshark-1.2.10-0.1mdv2010.1.src.rpm
Corporate 4.0:
2fb380c5d0e13388f08b8d3816d69d6a corporate/4.0/i586/dumpcap-1.0.15-0.1.20060mlcs4.i586.rpm
b09967e9b8e6fd62f43ce1594cb03b3b corporate/4.0/i586/libwireshark0-1.0.15-0.1.20060mlcs4.i586.rpm
c9094d5e890265b8d212ff520652a94e corporate/4.0/i586/libwireshark-devel-1.0.15-0.1.20060mlcs4.i586.rpm
57de461a9e939792d4d47a193db66414 corporate/4.0/i586/rawshark-1.0.15-0.1.20060mlcs4.i586.rpm
470752a4722aa3579a021491a77f8a02 corporate/4.0/i586/tshark-1.0.15-0.1.20060mlcs4.i586.rpm
629b138145e384e1769807442557997f corporate/4.0/i586/wireshark-1.0.15-0.1.20060mlcs4.i586.rpm
0543f4009f485a88228d6fbad0651006 corporate/4.0/i586/wireshark-tools-1.0.15-0.1.20060mlcs4.i586.rpm
c2a8777b9e91c10db49dcce4bc07ca8f corporate/4.0/SRPMS/wireshark-1.0.15-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
4bcee5cf2b7789794b249a976ab1c090 corporate/4.0/x86_64/dumpcap-1.0.15-0.1.20060mlcs4.x86_64.rpm
12b528fcebd6f308c9a07b7c8c2808ae corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.1.20060mlcs4.x86_64.rpm
03d8df3825ca8ec17eee0d7c1b8f0434 corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.1.20060mlcs4.x86_64.rpm
3331e2e29508545cd1df845f90505e2e corporate/4.0/x86_64/rawshark-1.0.15-0.1.20060mlcs4.x86_64.rpm
4f3f7eea19272c34c9772750f7deabf8 corporate/4.0/x86_64/tshark-1.0.15-0.1.20060mlcs4.x86_64.rpm
23b80b45cc197265f9de150663b92a2d corporate/4.0/x86_64/wireshark-1.0.15-0.1.20060mlcs4.x86_64.rpm
74099b44b693ff24f153ed3657885f75 corporate/4.0/x86_64/wireshark-tools-1.0.15-0.1.20060mlcs4.x86_64.rpm
c2a8777b9e91c10db49dcce4bc07ca8f corporate/4.0/SRPMS/wireshark-1.0.15-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
dac13de131da417f6f5ee277ef29fdad mes5/i586/dumpcap-1.0.15-0.1mdvmes5.1.i586.rpm
0cff76874dc8a32453c83339525ab86a mes5/i586/libwireshark0-1.0.15-0.1mdvmes5.1.i586.rpm
26c12363682d353a4f092bbcef1c973d mes5/i586/libwireshark-devel-1.0.15-0.1mdvmes5.1.i586.rpm
a8ff72f2783addc89d70ac757a43e3c6 mes5/i586/rawshark-1.0.15-0.1mdvmes5.1.i586.rpm
b6bcb8213a97f268bb8ff5399c98b90e mes5/i586/tshark-1.0.15-0.1mdvmes5.1.i586.rpm
b31e891b8f5e790da05c0e038c1dbda9 mes5/i586/wireshark-1.0.15-0.1mdvmes5.1.i586.rpm
db8612a1102500e85dfba9c46b02d530 mes5/i586/wireshark-tools-1.0.15-0.1mdvmes5.1.i586.rpm
68633f05c02b2cc27640f3f07ae74979 mes5/SRPMS/wireshark-1.0.15-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
1ded87839c1efce910be6dd47b197a87 mes5/x86_64/dumpcap-1.0.15-0.1mdvmes5.1.x86_64.rpm
d91facbb2261cc88e87d8d82bbba7018 mes5/x86_64/lib64wireshark0-1.0.15-0.1mdvmes5.1.x86_64.rpm
507e512d9b34124e34b3f9f5d745e0a5 mes5/x86_64/lib64wireshark-devel-1.0.15-0.1mdvmes5.1.x86_64.rpm
9ca6376417d980bd245f1a139e62cb34 mes5/x86_64/rawshark-1.0.15-0.1mdvmes5.1.x86_64.rpm
e699c4729a8d0d707637e18435bc17e7 mes5/x86_64/tshark-1.0.15-0.1mdvmes5.1.x86_64.rpm
0e3d4a033e45bf69aeba46bd0a489f4d mes5/x86_64/wireshark-1.0.15-0.1mdvmes5.1.x86_64.rpm
7e1adf1ecdd7b98a3354e13a7a38153f mes5/x86_64/wireshark-tools-1.0.15-0.1mdvmes5.1.x86_64.rpm
68633f05c02b2cc27640f3f07ae74979 mes5/SRPMS/wireshark-1.0.15-0.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMWZb0mqjQ0CJFipgRArYLAKDq9FbR8zHVKVLeoNoS1v48TVS49QCffump
UUPIbAZauyz46bUJa0oUHLs=
=P0RR
-----END PGP SIGNATURE-----