[ MDVSA-2008:199 ] wireshark

security@xxxxxxxxxxxx · Fri, 19 Sep 2008 14:34:01 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:199
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : September 19, 2008
 Affected: 2008.0, 2008.1, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were discovered in Wireshark that could
 cause it to crash while processing malicious packets (CVE-2008-3146,
 CVE-2008-3932, CVE-2008-3933, CVE-2008-3934).

 This update provides Wireshark 1.0.3, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934
 http://www.wireshark.org/security/wnpa-sec-2008-05.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 052d8ebe59721965be4e1abc3d26aa4f  2008.0/i586/dumpcap-1.0.3-0.1mdv2008.0.i586.rpm
 6e1ff488246d3e61dd86adf22db10157  2008.0/i586/libwireshark0-1.0.3-0.1mdv2008.0.i586.rpm
 4a3380a50b95b4b47280d31051f03733  2008.0/i586/libwireshark-devel-1.0.3-0.1mdv2008.0.i586.rpm
 47e77c47f5433386e134590e902d97fa  2008.0/i586/rawshark-1.0.3-0.1mdv2008.0.i586.rpm
 f19bb7a5f07b2e14d13bbb80a063e9c2  2008.0/i586/tshark-1.0.3-0.1mdv2008.0.i586.rpm
 59bd1fe60ddc1aef03c43f1e244d310f  2008.0/i586/wireshark-1.0.3-0.1mdv2008.0.i586.rpm
 7537a0e613adbd9a33f8506eff4b79dc  2008.0/i586/wireshark-tools-1.0.3-0.1mdv2008.0.i586.rpm 
 695458967bc7120dc18c0e021c21ef98  2008.0/SRPMS/wireshark-1.0.3-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4579cf82a33b706a8332fb9da25bb714  2008.0/x86_64/dumpcap-1.0.3-0.1mdv2008.0.x86_64.rpm
 e2dc5b80e269394968a732d340584c50  2008.0/x86_64/lib64wireshark0-1.0.3-0.1mdv2008.0.x86_64.rpm
 179c3d0406afacadeae37dabeb950ca9  2008.0/x86_64/lib64wireshark-devel-1.0.3-0.1mdv2008.0.x86_64.rpm
 c6460878e3237026fb2dcc31314a2e86  2008.0/x86_64/rawshark-1.0.3-0.1mdv2008.0.x86_64.rpm
 61060d1d41bee4101c58780ea9acbde3  2008.0/x86_64/tshark-1.0.3-0.1mdv2008.0.x86_64.rpm
 afcda73f3b39721f2f9131d83b51518e  2008.0/x86_64/wireshark-1.0.3-0.1mdv2008.0.x86_64.rpm
 593a07cded73079f4c744f4f774ea0da  2008.0/x86_64/wireshark-tools-1.0.3-0.1mdv2008.0.x86_64.rpm 
 695458967bc7120dc18c0e021c21ef98  2008.0/SRPMS/wireshark-1.0.3-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 325f81f7981ec1b0bb7af6ef00ea77b3  2008.1/i586/dumpcap-1.0.3-0.1mdv2008.1.i586.rpm
 b1374e0f57b9ddc67d138489a61514eb  2008.1/i586/libwireshark0-1.0.3-0.1mdv2008.1.i586.rpm
 b56d0679bc1889ce274d0331f809b4a4  2008.1/i586/libwireshark-devel-1.0.3-0.1mdv2008.1.i586.rpm
 7cab501287ca8cb9b9e6c4c19c08e890  2008.1/i586/rawshark-1.0.3-0.1mdv2008.1.i586.rpm
 7e40fab1043159337cc1108f7be86f4b  2008.1/i586/tshark-1.0.3-0.1mdv2008.1.i586.rpm
 b47879b7e4ed639ec7a2c0b721225b01  2008.1/i586/wireshark-1.0.3-0.1mdv2008.1.i586.rpm
 871afd4c2295bf2f7b743e0adac825fa  2008.1/i586/wireshark-tools-1.0.3-0.1mdv2008.1.i586.rpm 
 4959379f906f32983e1d95c38dc01f3c  2008.1/SRPMS/wireshark-1.0.3-0.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a903d45a26f4e4c324dbdecb51729f6f  2008.1/x86_64/dumpcap-1.0.3-0.1mdv2008.1.x86_64.rpm
 a85194ad83eb2833191cf8924fd68468  2008.1/x86_64/lib64wireshark0-1.0.3-0.1mdv2008.1.x86_64.rpm
 966f0182801ae6e1d84c6736a796afca  2008.1/x86_64/lib64wireshark-devel-1.0.3-0.1mdv2008.1.x86_64.rpm
 2e5035d90d7549a0c11b25be8050081c  2008.1/x86_64/rawshark-1.0.3-0.1mdv2008.1.x86_64.rpm
 1d5e478b7149920d684a4c4e9f7e4b9f  2008.1/x86_64/tshark-1.0.3-0.1mdv2008.1.x86_64.rpm
 0b8adf3d5c2412c282da2c5273a1d502  2008.1/x86_64/wireshark-1.0.3-0.1mdv2008.1.x86_64.rpm
 ebd622e02eb614171990b9cd5194ddbb  2008.1/x86_64/wireshark-tools-1.0.3-0.1mdv2008.1.x86_64.rpm 
 4959379f906f32983e1d95c38dc01f3c  2008.1/SRPMS/wireshark-1.0.3-0.1mdv2008.1.src.rpm

 Corporate 4.0:
 9aec40405f83f4102135e4af7234dc45  corporate/4.0/i586/dumpcap-1.0.3-0.1.20060mlcs4.i586.rpm
 5846034eaf54cac8aaa5001cd05c8a23  corporate/4.0/i586/libwireshark0-1.0.3-0.1.20060mlcs4.i586.rpm
 61c8775b586e3c3ff0ef26c5453a40de  corporate/4.0/i586/libwireshark-devel-1.0.3-0.1.20060mlcs4.i586.rpm
 fb5a51694ac720ebb02fdc2006e827cc  corporate/4.0/i586/rawshark-1.0.3-0.1.20060mlcs4.i586.rpm
 04d4bcd97fc137d904bade0ff71d6d8a  corporate/4.0/i586/tshark-1.0.3-0.1.20060mlcs4.i586.rpm
 a817d8255ab4224cbe8b29fb5d9f7d6e  corporate/4.0/i586/wireshark-1.0.3-0.1.20060mlcs4.i586.rpm
 74d39fc12f1d82d6b5b944001a99c6e0  corporate/4.0/i586/wireshark-tools-1.0.3-0.1.20060mlcs4.i586.rpm 
 6a321e896cb17afea59981b2c20c6f9d  corporate/4.0/SRPMS/wireshark-1.0.3-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 327f1445af63d045abd689286a13cfb7  corporate/4.0/x86_64/dumpcap-1.0.3-0.1.20060mlcs4.x86_64.rpm
 5e57899fa206ba15425a643b0f5395ab  corporate/4.0/x86_64/lib64wireshark0-1.0.3-0.1.20060mlcs4.x86_64.rpm
 ecae0b5846ff684524d0b6fd6f082fca  corporate/4.0/x86_64/lib64wireshark-devel-1.0.3-0.1.20060mlcs4.x86_64.rpm
 f649de4fd1cb4663d51d1befd688000a  corporate/4.0/x86_64/rawshark-1.0.3-0.1.20060mlcs4.x86_64.rpm
 b41496a881a1644c6a376c89fd25aa32  corporate/4.0/x86_64/tshark-1.0.3-0.1.20060mlcs4.x86_64.rpm
 219e77ae2a975e781c45344c62e2f4b8  corporate/4.0/x86_64/wireshark-1.0.3-0.1.20060mlcs4.x86_64.rpm
 bc7397b7fce20c989668b71afbfa3ad4  corporate/4.0/x86_64/wireshark-tools-1.0.3-0.1.20060mlcs4.x86_64.rpm 
 6a321e896cb17afea59981b2c20c6f9d  corporate/4.0/SRPMS/wireshark-1.0.3-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI09/QmqjQ0CJFipgRAozLAKDaaK7z4VDoXNJ345Loi4s8bkSPVQCgnm97
wN51WJRipenpVo9BIHwvAaM=
=2zXb
-----END PGP SIGNATURE-----