-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:172 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : wireshark Date : June 12, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in wireshark: * The ASN.1 BER dissector could crash (CVE-2013-3557). * The CAPWAP dissector could crash (CVE-2013-4074). * The HTTP dissector could overrun the stack (CVE-2013-4081). * The DCP ETSI dissector could crash (CVE-2013-4083). This advisory provides the latest version of Wireshark (1.6.16) which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083 http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: ee7dc085336b1112178dabcf9efcbfd6 mes5/i586/dumpcap-1.6.16-0.1mdvmes5.2.i586.rpm b3f0ee150e0cc4733bc6181784e3db0b mes5/i586/libwireshark1-1.6.16-0.1mdvmes5.2.i586.rpm ae18d8a751ddf6d0197a7259d4958dd7 mes5/i586/libwireshark-devel-1.6.16-0.1mdvmes5.2.i586.rpm ce85c65696abc4a9112200d73334a2a0 mes5/i586/rawshark-1.6.16-0.1mdvmes5.2.i586.rpm 9492d3e3dfccc7cc28b40558f2efc964 mes5/i586/tshark-1.6.16-0.1mdvmes5.2.i586.rpm bfb3a5facb92c41b43ec428b71bf6292 mes5/i586/wireshark-1.6.16-0.1mdvmes5.2.i586.rpm daefcf5e5f2e955df6bb39ce38f6adc2 mes5/i586/wireshark-tools-1.6.16-0.1mdvmes5.2.i586.rpm 13f53e174e10e8f7bf6b4896ea785067 mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 0e30acd436f428bf94164f2c2437ec37 mes5/x86_64/dumpcap-1.6.16-0.1mdvmes5.2.x86_64.rpm 24515452924f9b39dac572d541eb7135 mes5/x86_64/lib64wireshark1-1.6.16-0.1mdvmes5.2.x86_64.rpm b29c2e1acb4bbdbeac5db892353c58a3 mes5/x86_64/lib64wireshark-devel-1.6.16-0.1mdvmes5.2.x86_64.rpm b86457579d9a945a5e1859186ae40d04 mes5/x86_64/rawshark-1.6.16-0.1mdvmes5.2.x86_64.rpm 2a5971317b64668b1a0492ef05288707 mes5/x86_64/tshark-1.6.16-0.1mdvmes5.2.x86_64.rpm d22feab79bec9cd2dcffd339482cf8c2 mes5/x86_64/wireshark-1.6.16-0.1mdvmes5.2.x86_64.rpm 9b49117a0bcc4427bd5d725cd9c5152a mes5/x86_64/wireshark-tools-1.6.16-0.1mdvmes5.2.x86_64.rpm 13f53e174e10e8f7bf6b4896ea785067 mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 2390468bd95bc55cf6380912c651df30 mbs1/x86_64/dumpcap-1.6.16-1.mbs1.x86_64.rpm 1640e819389b89792aeb281daaad14b4 mbs1/x86_64/lib64wireshark1-1.6.16-1.mbs1.x86_64.rpm 1c29c375c42970380dce6e30c6a59193 mbs1/x86_64/lib64wireshark-devel-1.6.16-1.mbs1.x86_64.rpm edde8d7961d033ac5d76678604d19548 mbs1/x86_64/rawshark-1.6.16-1.mbs1.x86_64.rpm 4cbfe7fe1c7b27bb69fb6863d5db7f6b mbs1/x86_64/tshark-1.6.16-1.mbs1.x86_64.rpm 637924c40d0bff5b4149d2baa6a68f0d mbs1/x86_64/wireshark-1.6.16-1.mbs1.x86_64.rpm 5e7375e0d750820e503635794e6f2636 mbs1/x86_64/wireshark-tools-1.6.16-1.mbs1.x86_64.rpm 80a49547bf467b19038b4688a0aed2b3 mbs1/SRPMS/wireshark-1.6.16-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRuDfAmqjQ0CJFipgRAlYAAJwIpuOTE4GKqXJ9niV1xIIynwW/jwCdEhY/ JrhSt0wlpzW0Q1pgi4L6v7g= =wYly -----END PGP SIGNATURE-----
