-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:105 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : June 1, 2011 Affected: 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: This advisory updates wireshark to the latest version (1.2.17), fixing several security issues: * Large/infinite loop in the DICOM dissector. (Bug 5876) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. (Bug 5912) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. * David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. (Bug 5908) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. * Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark. (Bug 5934) Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6. _______________________________________________________________________ References: http://www.wireshark.org/security/wnpa-sec-2011-07.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: bf11862659afce8761a4d58ee546d1b9 2010.1/i586/dumpcap-1.2.17-0.1mdv2010.2.i586.rpm 0da0281f3c736de4929a053d5d92d1a7 2010.1/i586/libwireshark0-1.2.17-0.1mdv2010.2.i586.rpm b6e97b06fd0ac0e7384d6aab97e5cc50 2010.1/i586/libwireshark-devel-1.2.17-0.1mdv2010.2.i586.rpm 5cd0f0029fb4431c51ed8cd9207075ee 2010.1/i586/rawshark-1.2.17-0.1mdv2010.2.i586.rpm 43b1ee7fec3df0d6063d2f2e875a3ba1 2010.1/i586/tshark-1.2.17-0.1mdv2010.2.i586.rpm fa313ad7a730edd4440c7a5d61cb3aa3 2010.1/i586/wireshark-1.2.17-0.1mdv2010.2.i586.rpm a61c1457627b7371c3c7693dce1ebb6d 2010.1/i586/wireshark-tools-1.2.17-0.1mdv2010.2.i586.rpm 0dd2c106f7747527cab50ccb820e3005 2010.1/SRPMS/wireshark-1.2.17-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 125bf4d3c37ff2fd06ca3116d1a06448 2010.1/x86_64/dumpcap-1.2.17-0.1mdv2010.2.x86_64.rpm 2e80800ec2d5a221bcc6a1beffa99605 2010.1/x86_64/lib64wireshark0-1.2.17-0.1mdv2010.2.x86_64.rpm d05b01efa7eceb47c4dc9655a4108790 2010.1/x86_64/lib64wireshark-devel-1.2.17-0.1mdv2010.2.x86_64.rpm 13ff82aeeed568b1e58884b965d4dd2b 2010.1/x86_64/rawshark-1.2.17-0.1mdv2010.2.x86_64.rpm fbbbcbcdfd4f98893c6a49f03d9990f7 2010.1/x86_64/tshark-1.2.17-0.1mdv2010.2.x86_64.rpm d5e412a56fbbb8d8d456ab06408587a7 2010.1/x86_64/wireshark-1.2.17-0.1mdv2010.2.x86_64.rpm adf06e2c47c991886b674a9b300c83c6 2010.1/x86_64/wireshark-tools-1.2.17-0.1mdv2010.2.x86_64.rpm 0dd2c106f7747527cab50ccb820e3005 2010.1/SRPMS/wireshark-1.2.17-0.1mdv2010.2.src.rpm Corporate 4.0: 642f57dfe04fbe995e2dc3764305ac48 corporate/4.0/i586/dumpcap-1.2.17-0.1.20060mlcs4.i586.rpm 6a32aebf65252655762e4b276765435e corporate/4.0/i586/libwireshark0-1.2.17-0.1.20060mlcs4.i586.rpm d3170e8152da4c8911e4a997f68434e6 corporate/4.0/i586/libwireshark-devel-1.2.17-0.1.20060mlcs4.i586.rpm a352fd66d6778a139e6ba01723fed2fd corporate/4.0/i586/rawshark-1.2.17-0.1.20060mlcs4.i586.rpm db3c0befa16510f4cb4ecb1420a6d261 corporate/4.0/i586/tshark-1.2.17-0.1.20060mlcs4.i586.rpm c558f334fa91cef5b92c8de899a138f0 corporate/4.0/i586/wireshark-1.2.17-0.1.20060mlcs4.i586.rpm 60f329a78d00c9c22cbb3b1bf7464ba4 corporate/4.0/i586/wireshark-tools-1.2.17-0.1.20060mlcs4.i586.rpm 45b07dac18687757472e952371f0c7a5 corporate/4.0/SRPMS/wireshark-1.2.17-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: b6c85c2f78b59e35e0a07d040fe9ab2e corporate/4.0/x86_64/dumpcap-1.2.17-0.1.20060mlcs4.x86_64.rpm f7947f2f688a2989edee5202ed7edb4c corporate/4.0/x86_64/lib64wireshark0-1.2.17-0.1.20060mlcs4.x86_64.rpm 1d3938c349d356b719b1461340744a07 corporate/4.0/x86_64/lib64wireshark-devel-1.2.17-0.1.20060mlcs4.x86_64.rpm 615e1104bb0cc89494cd018802c8db99 corporate/4.0/x86_64/rawshark-1.2.17-0.1.20060mlcs4.x86_64.rpm 759e77482159d94b723f2e3cdcad3987 corporate/4.0/x86_64/tshark-1.2.17-0.1.20060mlcs4.x86_64.rpm 20bc7d7883ec6ad04661540aac91750b corporate/4.0/x86_64/wireshark-1.2.17-0.1.20060mlcs4.x86_64.rpm 7552340c66ecaf4ca3c343efd2687844 corporate/4.0/x86_64/wireshark-tools-1.2.17-0.1.20060mlcs4.x86_64.rpm 45b07dac18687757472e952371f0c7a5 corporate/4.0/SRPMS/wireshark-1.2.17-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: aaa5c6d5fc4d2c95ac4195e47d33fafa mes5/i586/dumpcap-1.2.17-0.1mdvmes5.2.i586.rpm 6d58055269e6092d0a5686a4a8c42ac3 mes5/i586/libwireshark0-1.2.17-0.1mdvmes5.2.i586.rpm a3cb3bb89e80fe29c790f6e8b063b131 mes5/i586/libwireshark-devel-1.2.17-0.1mdvmes5.2.i586.rpm 79fa5c8f2a5eb746b1187c65cbae4e40 mes5/i586/rawshark-1.2.17-0.1mdvmes5.2.i586.rpm e100f6d645ab73a1fc5a9deb84606698 mes5/i586/tshark-1.2.17-0.1mdvmes5.2.i586.rpm 4b04325c54878e19f1f4c72311560034 mes5/i586/wireshark-1.2.17-0.1mdvmes5.2.i586.rpm 5527a82f63a08dd5c975155e1fedd338 mes5/i586/wireshark-tools-1.2.17-0.1mdvmes5.2.i586.rpm 55e251303583720d3cb1017a6ee760cb mes5/SRPMS/wireshark-1.2.17-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: cfb3fce8ca61979a2a6460ae5bb1e0fa mes5/x86_64/dumpcap-1.2.17-0.1mdvmes5.2.x86_64.rpm a0143cf4fd861df6d0e48f64fde3b624 mes5/x86_64/lib64wireshark0-1.2.17-0.1mdvmes5.2.x86_64.rpm 06d2eabbcefdc213ca49eea94861384f mes5/x86_64/lib64wireshark-devel-1.2.17-0.1mdvmes5.2.x86_64.rpm e280f7279b408002816ac4a4cc5011db mes5/x86_64/rawshark-1.2.17-0.1mdvmes5.2.x86_64.rpm 9268040d3f61500dda520eab5ac49fd6 mes5/x86_64/tshark-1.2.17-0.1mdvmes5.2.x86_64.rpm 9277a5ee2abdb2382e123269f7ea2688 mes5/x86_64/wireshark-1.2.17-0.1mdvmes5.2.x86_64.rpm e9d8581141921e54a69932192f96b817 mes5/x86_64/wireshark-tools-1.2.17-0.1mdvmes5.2.x86_64.rpm 55e251303583720d3cb1017a6ee760cb mes5/SRPMS/wireshark-1.2.17-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFN5hCamqjQ0CJFipgRAtWMAKC7lUm7KIzYoaUyDLAldfYfMgyPAACg2atx qx2ViMyJnyfW7cy9RohtHzE= =IUCE -----END PGP SIGNATURE-----