[ MDVSA-2012:080 ] wireshark



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:080
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date : May 23, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was found and corrected in Wireshark:

It may be possible to make Wireshark hang for long or indefinite
periods by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

This advisory provides the latest version of Wireshark (1.6.8) which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-09.html
http://www.wireshark.org/security/wnpa-sec-2012-10.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
16a577c0711df7fc568696402109d6b4 2011/i586/dumpcap-1.6.8-0.1-mdv2011.0.i586.rpm
eada57c1d6f02e7ebf14fbb3789c5bbe 2011/i586/libwireshark1-1.6.8-0.1-mdv2011.0.i586.rpm
e9e98acba88c6ee3ab1d2e51536463aa 2011/i586/libwireshark-devel-1.6.8-0.1-mdv2011.0.i586.rpm
8017f3883e54db24eeee1e0f7b3c820f 2011/i586/rawshark-1.6.8-0.1-mdv2011.0.i586.rpm
bc33e60ea854669c81652090880c430b 2011/i586/tshark-1.6.8-0.1-mdv2011.0.i586.rpm
52cc8b37b569f8bc31800eacf347a7bd 2011/i586/wireshark-1.6.8-0.1-mdv2011.0.i586.rpm
b8cd1dca05b43e22accf8cd4a1517946 2011/i586/wireshark-tools-1.6.8-0.1-mdv2011.0.i586.rpm
c7678d090d491738155aa4bb6ae2b09d 2011/SRPMS/wireshark-1.6.8-0.1.src.rpm

Mandriva Linux 2011/X86_64:
25b79e5781f78e7c7a0f239406ad3a5a 2011/x86_64/dumpcap-1.6.8-0.1-mdv2011.0.x86_64.rpm
851832cf2439b688a491620ec43318ce 2011/x86_64/lib64wireshark1-1.6.8-0.1-mdv2011.0.x86_64.rpm
6c659fbff4840bc333d90e4d72a656eb 2011/x86_64/lib64wireshark-devel-1.6.8-0.1-mdv2011.0.x86_64.rpm
9b37711290f16de47b594397de980256 2011/x86_64/rawshark-1.6.8-0.1-mdv2011.0.x86_64.rpm
2aa4ab2ba5d5b4f914b91b7d0e608c15 2011/x86_64/tshark-1.6.8-0.1-mdv2011.0.x86_64.rpm
86cdbf15b98aaacb3d42bb43dfdf2c8f 2011/x86_64/wireshark-1.6.8-0.1-mdv2011.0.x86_64.rpm
d72665f272867ca3d4af106c1a751f91 2011/x86_64/wireshark-tools-1.6.8-0.1-mdv2011.0.x86_64.rpm
c7678d090d491738155aa4bb6ae2b09d 2011/SRPMS/wireshark-1.6.8-0.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPvM7pmqjQ0CJFipgRAgddAJ9vTgXP+6YXzxHaP3OflVdGXI5O6ACeKc+9
Q9lNj2Y7agvEy1+p9wOy+Nw=
=BGJY
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2013:042 ] krb5
    ... Multiple vulnerabilities has been discovered and corrected in krb5: ... An attacker could use this vulnerability to execute ... The updated packages have been patched to correct these issues. ... All packages are signed by Mandriva for security. ...
    (Full-Disclosure)
  • [ MDVSA-2013:042 ] krb5
    ... Multiple vulnerabilities has been discovered and corrected in krb5: ... An attacker could use this vulnerability to execute ... The updated packages have been patched to correct these issues. ... All packages are signed by Mandriva for security. ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2009:292-1 ] wireshark
    ... Vulnerabilities have been discovered and corrected in wireshark, ... The wireshark package has been updated to fix these vulnerabilities. ... Updated Packages: ... Mandriva Linux 2008.0/X86_64: ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2013:115 ] php-ZendFramework
    ... Updated php-ZendFramework packages fix security vulnerabilities: ... All packages are signed by Mandriva for security. ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2011:089 ] mplayer
    ... Multiple vulnerabilities have been identified and fixed in mplayer: ... FFmpeg 0.5 allows remote attackers to cause a denial of service ... The updated packages have been patched to correct these issues. ... Mandriva Linux 2010.1/X86_64: ...
    (Full-Disclosure)