-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:113 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : June 10, 2010 Affected: 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: This advisory updates wireshark to the latest version(s), fixing several security issues: * The SMB dissector could dereference a NULL pointer. (Bug 4734) * J. Oquendo discovered that the ASN.1 BER dissector could overrun the stack. * The SMB PIPE dissector could dereference a NULL pointer on some platforms. * The SigComp Universal Decompressor Virtual Machine could go into an infinite loop. (Bug 4826) * The SigComp Universal Decompressor Virtual Machine could overrun a buffer. (Bug 4837) _______________________________________________________________________ References: http://www.wireshark.org/security/wnpa-sec-2010-06.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 0149a3fead677c67a65d689ca5d14003 2009.1/i586/dumpcap-1.0.14-0.1mdv2009.1.i586.rpm 11cc457d2403d1528a21ffe5b9ac7262 2009.1/i586/libwireshark0-1.0.14-0.1mdv2009.1.i586.rpm f21953c954858ae6a42ac17c2652cfd3 2009.1/i586/libwireshark-devel-1.0.14-0.1mdv2009.1.i586.rpm 9ce458c253544e9db459e47031d0fc14 2009.1/i586/rawshark-1.0.14-0.1mdv2009.1.i586.rpm ec86335e22ee4131f3309c9ac7f89179 2009.1/i586/tshark-1.0.14-0.1mdv2009.1.i586.rpm 51d99d113f714d520a6822e40bd404b1 2009.1/i586/wireshark-1.0.14-0.1mdv2009.1.i586.rpm 7cce0b057fe2ddba39322a6c8e921021 2009.1/i586/wireshark-tools-1.0.14-0.1mdv2009.1.i586.rpm 3e445d801ec43cec961207ed015ab18b 2009.1/SRPMS/wireshark-1.0.14-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 8c62a4b0639d0410f8a7ba0eb570aba9 2009.1/x86_64/dumpcap-1.0.14-0.1mdv2009.1.x86_64.rpm 4c3e4e1ac92419e056e0d7c17388c7a5 2009.1/x86_64/lib64wireshark0-1.0.14-0.1mdv2009.1.x86_64.rpm 22142ce9111218ac0a2e8e8a349c777d 2009.1/x86_64/lib64wireshark-devel-1.0.14-0.1mdv2009.1.x86_64.rpm 8ae04d4331132c1d7760191a74554097 2009.1/x86_64/rawshark-1.0.14-0.1mdv2009.1.x86_64.rpm 31ccfda4a4876616f0060d138c3bf792 2009.1/x86_64/tshark-1.0.14-0.1mdv2009.1.x86_64.rpm 2009a55c6de17a76bac77527df496805 2009.1/x86_64/wireshark-1.0.14-0.1mdv2009.1.x86_64.rpm ed9dc6458f9a2d420c09f2ae60d94305 2009.1/x86_64/wireshark-tools-1.0.14-0.1mdv2009.1.x86_64.rpm 3e445d801ec43cec961207ed015ab18b 2009.1/SRPMS/wireshark-1.0.14-0.1mdv2009.1.src.rpm Mandriva Linux 2010.0: 957483b67e3a59c962f68682681a9353 2010.0/i586/dumpcap-1.2.9-0.1mdv2010.0.i586.rpm 307f4c51e60f12266a6249847eb3084c 2010.0/i586/libwireshark0-1.2.9-0.1mdv2010.0.i586.rpm 783bb6328cddb6d67ca78903de21fd78 2010.0/i586/libwireshark-devel-1.2.9-0.1mdv2010.0.i586.rpm e8263e71c5535834050e2545fda00269 2010.0/i586/rawshark-1.2.9-0.1mdv2010.0.i586.rpm 8fd5540508424a4efb961846fc6effcf 2010.0/i586/tshark-1.2.9-0.1mdv2010.0.i586.rpm 24d88246de24678efe207b514dc921c0 2010.0/i586/wireshark-1.2.9-0.1mdv2010.0.i586.rpm eed336910fa875e328b4bae15e393c6d 2010.0/i586/wireshark-tools-1.2.9-0.1mdv2010.0.i586.rpm ff08f1c116a92a85482d9a7add3048c2 2010.0/SRPMS/wireshark-1.2.9-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: e0a17c636356a9e98712844f1cbfc1d4 2010.0/x86_64/dumpcap-1.2.9-0.1mdv2010.0.x86_64.rpm b4b393e753cb7faa7d0772e04f491635 2010.0/x86_64/lib64wireshark0-1.2.9-0.1mdv2010.0.x86_64.rpm 76a874fa3d61dc9b1f02e8bb5f8a3b37 2010.0/x86_64/lib64wireshark-devel-1.2.9-0.1mdv2010.0.x86_64.rpm 9e55b4d27b3c9ec612118f444c0d466c 2010.0/x86_64/rawshark-1.2.9-0.1mdv2010.0.x86_64.rpm 30b3f61b36ca7f5b3a3609097eb8243b 2010.0/x86_64/tshark-1.2.9-0.1mdv2010.0.x86_64.rpm bac14f9558cd32fe67ad9e02c1d7f028 2010.0/x86_64/wireshark-1.2.9-0.1mdv2010.0.x86_64.rpm 29e8a3388febbd18408582d1c36bb461 2010.0/x86_64/wireshark-tools-1.2.9-0.1mdv2010.0.x86_64.rpm ff08f1c116a92a85482d9a7add3048c2 2010.0/SRPMS/wireshark-1.2.9-0.1mdv2010.0.src.rpm Corporate 4.0: 6dae354dc5bfb616c8e1b934ed7916a2 corporate/4.0/i586/dumpcap-1.0.14-0.1.20060mlcs4.i586.rpm ebc9b7995eda40b26ba9e3b3ba961ebc corporate/4.0/i586/libwireshark0-1.0.14-0.1.20060mlcs4.i586.rpm 74f01e8e41aadfa90c2f07780d113a9d corporate/4.0/i586/libwireshark-devel-1.0.14-0.1.20060mlcs4.i586.rpm 0865efb6c3ec94de7a15f4ad1a16d16c corporate/4.0/i586/rawshark-1.0.14-0.1.20060mlcs4.i586.rpm f48013915dbb1876ca6853d5ababc3b0 corporate/4.0/i586/tshark-1.0.14-0.1.20060mlcs4.i586.rpm 4527afe77f80cf422ff2afad2af160df corporate/4.0/i586/wireshark-1.0.14-0.1.20060mlcs4.i586.rpm 7e9363e0291f06f2b7026b1cf686e8fb corporate/4.0/i586/wireshark-tools-1.0.14-0.1.20060mlcs4.i586.rpm 0d0b4bb69b5c512396237d9c2afd5e27 corporate/4.0/SRPMS/wireshark-1.0.14-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: ec6ca062956bc7cd85ed63b3126edd75 corporate/4.0/x86_64/dumpcap-1.0.14-0.1.20060mlcs4.x86_64.rpm b028dba7a3521d06c5e14968ab098cfe corporate/4.0/x86_64/lib64wireshark0-1.0.14-0.1.20060mlcs4.x86_64.rpm 9e2269ede036edfba058b6ab2f2fe909 corporate/4.0/x86_64/lib64wireshark-devel-1.0.14-0.1.20060mlcs4.x86_64.rpm bc8ac5e38124410faa899547174caebe corporate/4.0/x86_64/rawshark-1.0.14-0.1.20060mlcs4.x86_64.rpm 4375ffc2e790ff1d8ac65ca1e665eb63 corporate/4.0/x86_64/tshark-1.0.14-0.1.20060mlcs4.x86_64.rpm 32e8318c947e41fced9cdeb5b593abbc corporate/4.0/x86_64/wireshark-1.0.14-0.1.20060mlcs4.x86_64.rpm 60721e6895f05f681157f3626449f978 corporate/4.0/x86_64/wireshark-tools-1.0.14-0.1.20060mlcs4.x86_64.rpm 0d0b4bb69b5c512396237d9c2afd5e27 corporate/4.0/SRPMS/wireshark-1.0.14-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 354ff88c7ea4fd41dbb9b8f35a841cbe mes5/i586/dumpcap-1.0.14-0.1mdvmes5.1.i586.rpm 19947807a4e394037b3ad41157ef9350 mes5/i586/libwireshark0-1.0.14-0.1mdvmes5.1.i586.rpm aa0f85a08dc07104b19661d08d0016f6 mes5/i586/libwireshark-devel-1.0.14-0.1mdvmes5.1.i586.rpm 212b31fd0717217ae7490d5180e34ab7 mes5/i586/rawshark-1.0.14-0.1mdvmes5.1.i586.rpm 2bebf9603cda2d2c6e44f6f40f7bf5ae mes5/i586/tshark-1.0.14-0.1mdvmes5.1.i586.rpm 6b64f12e9746bc3c88215dfecf5eb9d1 mes5/i586/wireshark-1.0.14-0.1mdvmes5.1.i586.rpm 75aabd5c46660d4d2cd6f3fe57534dd9 mes5/i586/wireshark-tools-1.0.14-0.1mdvmes5.1.i586.rpm 81416ee15a5923e20aee9e523532b858 mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: ec16a7c441c94c2e4586debf7ff75abf mes5/x86_64/dumpcap-1.0.14-0.1mdvmes5.1.x86_64.rpm 0438953d4c51ec7305260dfe8ac0ad6f mes5/x86_64/lib64wireshark0-1.0.14-0.1mdvmes5.1.x86_64.rpm 3db1be26ffecf9ea0d3cb7f367bc98da mes5/x86_64/lib64wireshark-devel-1.0.14-0.1mdvmes5.1.x86_64.rpm 63fdc2852f2000a22616da7775fbb6b3 mes5/x86_64/rawshark-1.0.14-0.1mdvmes5.1.x86_64.rpm 379fff2c113e2a4625b4765b1f81fe82 mes5/x86_64/tshark-1.0.14-0.1mdvmes5.1.x86_64.rpm 33e8bea5e675c4ecc2f141812773048a mes5/x86_64/wireshark-1.0.14-0.1mdvmes5.1.x86_64.rpm 34cd72cad36e3fae9fcf3006cf19c22d mes5/x86_64/wireshark-tools-1.0.14-0.1mdvmes5.1.x86_64.rpm 81416ee15a5923e20aee9e523532b858 mes5/SRPMS/wireshark-1.0.14-0.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMEO/VmqjQ0CJFipgRAlOZAKCba74KIgu9DrU/RJ5cQcon7ZToagCg9oFU 21Eb/3qaIyEdQG3lXWrKMpg= =4Cqr -----END PGP SIGNATURE-----
