-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:144 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : August 4, 2010 Affected: 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: This advisory updates wireshark to the latest version(s), fixing several security issues: Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2284). Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors (CVE-2010-2287). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2284 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287 http://www.wireshark.org/docs/relnotes/wireshark-1.0.15.html http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 649929b220accc84d3a09cec3f4d16c6 2009.1/i586/dumpcap-1.0.15-0.1mdv2009.1.i586.rpm fe9ac34bb04cdaf07928f48e6c504842 2009.1/i586/libwireshark0-1.0.15-0.1mdv2009.1.i586.rpm 853c3a49e0ba23ca7c8a792a3666fb82 2009.1/i586/libwireshark-devel-1.0.15-0.1mdv2009.1.i586.rpm 809535583954ce35bf8992d6213aeaf7 2009.1/i586/rawshark-1.0.15-0.1mdv2009.1.i586.rpm 285be0f4b537006e9005aaf40cd384d2 2009.1/i586/tshark-1.0.15-0.1mdv2009.1.i586.rpm 392f629afb206556394be294f789e1da 2009.1/i586/wireshark-1.0.15-0.1mdv2009.1.i586.rpm e6c10b3275d1fec0706f459d8fd0df80 2009.1/i586/wireshark-tools-1.0.15-0.1mdv2009.1.i586.rpm 6cf37803deacd414442d0c14579ecbdd 2009.1/SRPMS/wireshark-1.0.15-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 58e8f5a39b7be3e0869899f94ce28df7 2009.1/x86_64/dumpcap-1.0.15-0.1mdv2009.1.x86_64.rpm 5a57f2f2921189c3c1c87ebc91fced9f 2009.1/x86_64/lib64wireshark0-1.0.15-0.1mdv2009.1.x86_64.rpm 270aed9d53b55438c8f0652cc8d56b72 2009.1/x86_64/lib64wireshark-devel-1.0.15-0.1mdv2009.1.x86_64.rpm 566568bc35889d4c82c3db488c4ec64e 2009.1/x86_64/rawshark-1.0.15-0.1mdv2009.1.x86_64.rpm 064cf822bbf4974f1b7428b43c7b6709 2009.1/x86_64/tshark-1.0.15-0.1mdv2009.1.x86_64.rpm 590c5e18004ed458158aedfb9019a535 2009.1/x86_64/wireshark-1.0.15-0.1mdv2009.1.x86_64.rpm 28855b853115f2ca4c2b89a39d901271 2009.1/x86_64/wireshark-tools-1.0.15-0.1mdv2009.1.x86_64.rpm 6cf37803deacd414442d0c14579ecbdd 2009.1/SRPMS/wireshark-1.0.15-0.1mdv2009.1.src.rpm Mandriva Linux 2010.0: f286bf9a609d4a4bc4b45a87d1ee3910 2010.0/i586/dumpcap-1.2.10-0.1mdv2010.0.i586.rpm fe875ffdd62c4bc02171c749a55b0d5e 2010.0/i586/libwireshark0-1.2.10-0.1mdv2010.0.i586.rpm 02b337d9f05512076a7a7ae992329428 2010.0/i586/libwireshark-devel-1.2.10-0.1mdv2010.0.i586.rpm 1ea873e0ffde43399344e4c4fd32ad51 2010.0/i586/rawshark-1.2.10-0.1mdv2010.0.i586.rpm 33123c074f901ff4eefcab2d8a8331cd 2010.0/i586/tshark-1.2.10-0.1mdv2010.0.i586.rpm b6d104b10caa14e34aae52877c334631 2010.0/i586/wireshark-1.2.10-0.1mdv2010.0.i586.rpm a81812f5bee2ff7a5882e15e799cf143 2010.0/i586/wireshark-tools-1.2.10-0.1mdv2010.0.i586.rpm bfdc0eda31ac02b624cb3e29c10a80fc 2010.0/SRPMS/wireshark-1.2.10-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 4648788496bbe490cc2b2f16028421e5 2010.0/x86_64/dumpcap-1.2.10-0.1mdv2010.0.x86_64.rpm 16e5d6c2c4e0d4e65cd6f5e1bab329c9 2010.0/x86_64/lib64wireshark0-1.2.10-0.1mdv2010.0.x86_64.rpm 94444fadfd5d95ec04e15fd0ef77d655 2010.0/x86_64/lib64wireshark-devel-1.2.10-0.1mdv2010.0.x86_64.rpm d48c90be3918a12615aa708f9e7c1f8e 2010.0/x86_64/rawshark-1.2.10-0.1mdv2010.0.x86_64.rpm 91cf1c3076a776d176455a0a721f7561 2010.0/x86_64/tshark-1.2.10-0.1mdv2010.0.x86_64.rpm fa58a0335a911ca507bbee371cf8ce8c 2010.0/x86_64/wireshark-1.2.10-0.1mdv2010.0.x86_64.rpm aa5cb120bc78e48491849ac8b5ea224c 2010.0/x86_64/wireshark-tools-1.2.10-0.1mdv2010.0.x86_64.rpm bfdc0eda31ac02b624cb3e29c10a80fc 2010.0/SRPMS/wireshark-1.2.10-0.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 40c7b0ba7f02da73e6904840e4861ea0 2010.1/i586/dumpcap-1.2.10-0.1mdv2010.1.i586.rpm 26e9032812ac8f0ab0291eb690f99375 2010.1/i586/libwireshark0-1.2.10-0.1mdv2010.1.i586.rpm 2f0989489127e31859270f49bf75b2b8 2010.1/i586/libwireshark-devel-1.2.10-0.1mdv2010.1.i586.rpm e261ff676225ab54a491cda5e6db6c88 2010.1/i586/rawshark-1.2.10-0.1mdv2010.1.i586.rpm c49509969104228248717279ad9a5f99 2010.1/i586/tshark-1.2.10-0.1mdv2010.1.i586.rpm a1eb4bae12bde6f1d3c4d6c7640b7b8d 2010.1/i586/wireshark-1.2.10-0.1mdv2010.1.i586.rpm cae58096d8cd4c5c09a776a1752a824f 2010.1/i586/wireshark-tools-1.2.10-0.1mdv2010.1.i586.rpm bb0b88dadd21016dd0eb5658eb1409d1 2010.1/SRPMS/wireshark-1.2.10-0.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 75a844c34042e0025a7b3246b4d8afd5 2010.1/x86_64/dumpcap-1.2.10-0.1mdv2010.1.x86_64.rpm bbb7a7f9645e6e357b9729c7b153f286 2010.1/x86_64/lib64wireshark0-1.2.10-0.1mdv2010.1.x86_64.rpm 206509108a6bc75f90a9d926981aa810 2010.1/x86_64/lib64wireshark-devel-1.2.10-0.1mdv2010.1.x86_64.rpm bd90e8eaca22e75ec4be1e9f2d6286d7 2010.1/x86_64/rawshark-1.2.10-0.1mdv2010.1.x86_64.rpm d097aa15ee120fdf9759933e6e6e2d42 2010.1/x86_64/tshark-1.2.10-0.1mdv2010.1.x86_64.rpm b33aadf34dcc47717f65b0ca05aba65e 2010.1/x86_64/wireshark-1.2.10-0.1mdv2010.1.x86_64.rpm b58853ddf4fd87201ca363f58f0a66a8 2010.1/x86_64/wireshark-tools-1.2.10-0.1mdv2010.1.x86_64.rpm bb0b88dadd21016dd0eb5658eb1409d1 2010.1/SRPMS/wireshark-1.2.10-0.1mdv2010.1.src.rpm Corporate 4.0: 2fb380c5d0e13388f08b8d3816d69d6a corporate/4.0/i586/dumpcap-1.0.15-0.1.20060mlcs4.i586.rpm b09967e9b8e6fd62f43ce1594cb03b3b corporate/4.0/i586/libwireshark0-1.0.15-0.1.20060mlcs4.i586.rpm c9094d5e890265b8d212ff520652a94e corporate/4.0/i586/libwireshark-devel-1.0.15-0.1.20060mlcs4.i586.rpm 57de461a9e939792d4d47a193db66414 corporate/4.0/i586/rawshark-1.0.15-0.1.20060mlcs4.i586.rpm 470752a4722aa3579a021491a77f8a02 corporate/4.0/i586/tshark-1.0.15-0.1.20060mlcs4.i586.rpm 629b138145e384e1769807442557997f corporate/4.0/i586/wireshark-1.0.15-0.1.20060mlcs4.i586.rpm 0543f4009f485a88228d6fbad0651006 corporate/4.0/i586/wireshark-tools-1.0.15-0.1.20060mlcs4.i586.rpm c2a8777b9e91c10db49dcce4bc07ca8f corporate/4.0/SRPMS/wireshark-1.0.15-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 4bcee5cf2b7789794b249a976ab1c090 corporate/4.0/x86_64/dumpcap-1.0.15-0.1.20060mlcs4.x86_64.rpm 12b528fcebd6f308c9a07b7c8c2808ae corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.1.20060mlcs4.x86_64.rpm 03d8df3825ca8ec17eee0d7c1b8f0434 corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.1.20060mlcs4.x86_64.rpm 3331e2e29508545cd1df845f90505e2e corporate/4.0/x86_64/rawshark-1.0.15-0.1.20060mlcs4.x86_64.rpm 4f3f7eea19272c34c9772750f7deabf8 corporate/4.0/x86_64/tshark-1.0.15-0.1.20060mlcs4.x86_64.rpm 23b80b45cc197265f9de150663b92a2d corporate/4.0/x86_64/wireshark-1.0.15-0.1.20060mlcs4.x86_64.rpm 74099b44b693ff24f153ed3657885f75 corporate/4.0/x86_64/wireshark-tools-1.0.15-0.1.20060mlcs4.x86_64.rpm c2a8777b9e91c10db49dcce4bc07ca8f corporate/4.0/SRPMS/wireshark-1.0.15-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: dac13de131da417f6f5ee277ef29fdad mes5/i586/dumpcap-1.0.15-0.1mdvmes5.1.i586.rpm 0cff76874dc8a32453c83339525ab86a mes5/i586/libwireshark0-1.0.15-0.1mdvmes5.1.i586.rpm 26c12363682d353a4f092bbcef1c973d mes5/i586/libwireshark-devel-1.0.15-0.1mdvmes5.1.i586.rpm a8ff72f2783addc89d70ac757a43e3c6 mes5/i586/rawshark-1.0.15-0.1mdvmes5.1.i586.rpm b6bcb8213a97f268bb8ff5399c98b90e mes5/i586/tshark-1.0.15-0.1mdvmes5.1.i586.rpm b31e891b8f5e790da05c0e038c1dbda9 mes5/i586/wireshark-1.0.15-0.1mdvmes5.1.i586.rpm db8612a1102500e85dfba9c46b02d530 mes5/i586/wireshark-tools-1.0.15-0.1mdvmes5.1.i586.rpm 68633f05c02b2cc27640f3f07ae74979 mes5/SRPMS/wireshark-1.0.15-0.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 1ded87839c1efce910be6dd47b197a87 mes5/x86_64/dumpcap-1.0.15-0.1mdvmes5.1.x86_64.rpm d91facbb2261cc88e87d8d82bbba7018 mes5/x86_64/lib64wireshark0-1.0.15-0.1mdvmes5.1.x86_64.rpm 507e512d9b34124e34b3f9f5d745e0a5 mes5/x86_64/lib64wireshark-devel-1.0.15-0.1mdvmes5.1.x86_64.rpm 9ca6376417d980bd245f1a139e62cb34 mes5/x86_64/rawshark-1.0.15-0.1mdvmes5.1.x86_64.rpm e699c4729a8d0d707637e18435bc17e7 mes5/x86_64/tshark-1.0.15-0.1mdvmes5.1.x86_64.rpm 0e3d4a033e45bf69aeba46bd0a489f4d mes5/x86_64/wireshark-1.0.15-0.1mdvmes5.1.x86_64.rpm 7e1adf1ecdd7b98a3354e13a7a38153f mes5/x86_64/wireshark-tools-1.0.15-0.1mdvmes5.1.x86_64.rpm 68633f05c02b2cc27640f3f07ae74979 mes5/SRPMS/wireshark-1.0.15-0.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMWZb0mqjQ0CJFipgRArYLAKDq9FbR8zHVKVLeoNoS1v48TVS49QCffump UUPIbAZauyz46bUJa0oUHLs= =P0RR -----END PGP SIGNATURE-----
