-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:002 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : January 9, 2011 Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in wireshark: Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression (CVE-2010-4538). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4538 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: bc733c08820aaeb869510853a936e81d 2010.0/i586/dumpcap-1.2.13-0.2mdv2010.0.i586.rpm 543b842a25a76844958dc6b5822ab9b3 2010.0/i586/libwireshark0-1.2.13-0.2mdv2010.0.i586.rpm 25e6ff6cb7d93ca52944ab784fe51adb 2010.0/i586/libwireshark-devel-1.2.13-0.2mdv2010.0.i586.rpm e8c5adc49461e7b476dcd15aa44279d2 2010.0/i586/rawshark-1.2.13-0.2mdv2010.0.i586.rpm 7902aa25976038ed531c9bcf1086d80e 2010.0/i586/tshark-1.2.13-0.2mdv2010.0.i586.rpm 6bddcddb514176b40bba076e3a87ecc5 2010.0/i586/wireshark-1.2.13-0.2mdv2010.0.i586.rpm f1da516d547368c4eb67267fcad9f13c 2010.0/i586/wireshark-tools-1.2.13-0.2mdv2010.0.i586.rpm d48996cd65bf829feac3b1be9437b9b2 2010.0/SRPMS/wireshark-1.2.13-0.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: fd74949f67e63a6541aab106f1da36a2 2010.0/x86_64/dumpcap-1.2.13-0.2mdv2010.0.x86_64.rpm d2c293bfb7a7e684421d223a93fd0a2a 2010.0/x86_64/lib64wireshark0-1.2.13-0.2mdv2010.0.x86_64.rpm fed557a7f9e380a34aa27e2c3866107e 2010.0/x86_64/lib64wireshark-devel-1.2.13-0.2mdv2010.0.x86_64.rpm f4e013762264086f2977d80a029e622c 2010.0/x86_64/rawshark-1.2.13-0.2mdv2010.0.x86_64.rpm 574d2ae0ea7cc03acb1ef6fdf128a9c8 2010.0/x86_64/tshark-1.2.13-0.2mdv2010.0.x86_64.rpm 0094e85af23bca41f9197883a3749c11 2010.0/x86_64/wireshark-1.2.13-0.2mdv2010.0.x86_64.rpm fdb2ce454bca05a9c011a4a346c7990e 2010.0/x86_64/wireshark-tools-1.2.13-0.2mdv2010.0.x86_64.rpm d48996cd65bf829feac3b1be9437b9b2 2010.0/SRPMS/wireshark-1.2.13-0.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 4f783c8013eb197511fa44656892c360 2010.1/i586/dumpcap-1.2.13-0.2mdv2010.2.i586.rpm b595251355981467e57eaac04705e10f 2010.1/i586/libwireshark0-1.2.13-0.2mdv2010.2.i586.rpm 0c126e731081d74be5da085039335b41 2010.1/i586/libwireshark-devel-1.2.13-0.2mdv2010.2.i586.rpm 45d3877083d9ba4a8a31a46502b19a11 2010.1/i586/rawshark-1.2.13-0.2mdv2010.2.i586.rpm 9af903c5c52f6ee2e5a7b49f46d38d36 2010.1/i586/tshark-1.2.13-0.2mdv2010.2.i586.rpm 0af932c596158318e76356a8a64a60f5 2010.1/i586/wireshark-1.2.13-0.2mdv2010.2.i586.rpm 20e3fa7c0053d16d4dded7175072aff7 2010.1/i586/wireshark-tools-1.2.13-0.2mdv2010.2.i586.rpm fa7daaebdc834c6533b629869089360e 2010.1/SRPMS/wireshark-1.2.13-0.2mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 9a4befad02a67bbc57600ec789449b93 2010.1/x86_64/dumpcap-1.2.13-0.2mdv2010.2.x86_64.rpm 66b07a62a38dceba28c5f88be7d76a4f 2010.1/x86_64/lib64wireshark0-1.2.13-0.2mdv2010.2.x86_64.rpm 33b1458860858b102f92ae7a9645b71b 2010.1/x86_64/lib64wireshark-devel-1.2.13-0.2mdv2010.2.x86_64.rpm 7dc782b29b48eb4954454faa51b304b8 2010.1/x86_64/rawshark-1.2.13-0.2mdv2010.2.x86_64.rpm 80b0ba9340e85b7c6cd3ffb44235fc2a 2010.1/x86_64/tshark-1.2.13-0.2mdv2010.2.x86_64.rpm b79ac38efc78fff5b4b216b0082cb024 2010.1/x86_64/wireshark-1.2.13-0.2mdv2010.2.x86_64.rpm fa577a69f960dc1adee521b5b0d2edc6 2010.1/x86_64/wireshark-tools-1.2.13-0.2mdv2010.2.x86_64.rpm fa7daaebdc834c6533b629869089360e 2010.1/SRPMS/wireshark-1.2.13-0.2mdv2010.2.src.rpm Corporate 4.0: cf1b0c56540fc63be852b7b9e81b8248 corporate/4.0/i586/dumpcap-1.0.15-0.3.20060mlcs4.i586.rpm b37f8b1d82a325de0eee152f575d91e5 corporate/4.0/i586/libwireshark0-1.0.15-0.3.20060mlcs4.i586.rpm 04c10931d30614fd79b8b729d6eddf8a corporate/4.0/i586/libwireshark-devel-1.0.15-0.3.20060mlcs4.i586.rpm eb947b7787649e06fece4ddd2ce46f46 corporate/4.0/i586/rawshark-1.0.15-0.3.20060mlcs4.i586.rpm 2ae0cda63c643b39a94bb39d24c4eae9 corporate/4.0/i586/tshark-1.0.15-0.3.20060mlcs4.i586.rpm e5f6df03fd7b73a10c247fd7d4a2469d corporate/4.0/i586/wireshark-1.0.15-0.3.20060mlcs4.i586.rpm 9bbeab7bf3131c4a92773967dfe2f79d corporate/4.0/i586/wireshark-tools-1.0.15-0.3.20060mlcs4.i586.rpm ab6808d1bd5805c5827203eeb1f59cb7 corporate/4.0/SRPMS/wireshark-1.0.15-0.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7026144a75428a773a1a5ba5ee8c9c77 corporate/4.0/x86_64/dumpcap-1.0.15-0.3.20060mlcs4.x86_64.rpm b9bff7450139f13d4edfd7abec34a5d5 corporate/4.0/x86_64/lib64wireshark0-1.0.15-0.3.20060mlcs4.x86_64.rpm 81637e330c64e3278cc3b3b08e98c51f corporate/4.0/x86_64/lib64wireshark-devel-1.0.15-0.3.20060mlcs4.x86_64.rpm c49228f3107c7b1754ce67e3183bce6e corporate/4.0/x86_64/rawshark-1.0.15-0.3.20060mlcs4.x86_64.rpm 417fdae547f7dc97f219c29e47668690 corporate/4.0/x86_64/tshark-1.0.15-0.3.20060mlcs4.x86_64.rpm e6894c9c8eb0efd2716ce1b3bf819cd5 corporate/4.0/x86_64/wireshark-1.0.15-0.3.20060mlcs4.x86_64.rpm 2211a4bafe98474c3e9b4cc5aa3723fa corporate/4.0/x86_64/wireshark-tools-1.0.15-0.3.20060mlcs4.x86_64.rpm ab6808d1bd5805c5827203eeb1f59cb7 corporate/4.0/SRPMS/wireshark-1.0.15-0.3.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 04a3d0056a82dbf60e2747fe92647362 mes5/i586/dumpcap-1.0.15-0.3mdvmes5.1.i586.rpm 73cfae8f517c3b1052b7c29805fbfca2 mes5/i586/libwireshark0-1.0.15-0.3mdvmes5.1.i586.rpm 7eb488244e7fb087381a19c23cbc805a mes5/i586/libwireshark-devel-1.0.15-0.3mdvmes5.1.i586.rpm 4e0dd1386498c875554478cd28055d67 mes5/i586/rawshark-1.0.15-0.3mdvmes5.1.i586.rpm 3aa9c6a7cafaebc2fc82a9bfdacb1d77 mes5/i586/tshark-1.0.15-0.3mdvmes5.1.i586.rpm 4af09e5e080a803568c8ebecce9625e4 mes5/i586/wireshark-1.0.15-0.3mdvmes5.1.i586.rpm 8a48d8b50db85c6f1d7ac70b0c9735b0 mes5/i586/wireshark-tools-1.0.15-0.3mdvmes5.1.i586.rpm 27c89a4787c3d44cdf33411baf316a2d mes5/SRPMS/wireshark-1.0.15-0.3mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: e49bb9b67a68687f09b632950a9b5622 mes5/x86_64/dumpcap-1.0.15-0.3mdvmes5.1.x86_64.rpm f1050a9a9bd95b3f751aedaf78e613f4 mes5/x86_64/lib64wireshark0-1.0.15-0.3mdvmes5.1.x86_64.rpm f98e3ba015b1268296d86442939b0539 mes5/x86_64/lib64wireshark-devel-1.0.15-0.3mdvmes5.1.x86_64.rpm 3a48f9623b86a873be763fe2fe17bf4c mes5/x86_64/rawshark-1.0.15-0.3mdvmes5.1.x86_64.rpm 62173e976799c3d64673e1225f966fae mes5/x86_64/tshark-1.0.15-0.3mdvmes5.1.x86_64.rpm 4a4d588321dc793d02e28f04b2585bc6 mes5/x86_64/wireshark-1.0.15-0.3mdvmes5.1.x86_64.rpm 030dbec9dbecc8223e046c588c29b65c mes5/x86_64/wireshark-tools-1.0.15-0.3mdvmes5.1.x86_64.rpm 27c89a4787c3d44cdf33411baf316a2d mes5/SRPMS/wireshark-1.0.15-0.3mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNKa8/mqjQ0CJFipgRAriMAJ94nGyssh4RG2rrRU8L+gjEeBwKtQCg6F/L 8pq9ULLdvxbSY9FvCRdaJos= =fLsc -----END PGP SIGNATURE-----