-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:125 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : August 6, 2012 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities was found and corrected in Wireshark: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file (CVE-2012-4048). It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file (CVE-2012-4049). This advisory provides the latest versiona of Wireshark (1.4.14, 1.6.8) which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049 http://www.wireshark.org/security/wnpa-sec-2012-11.html http://www.wireshark.org/security/wnpa-sec-2012-12.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2011: f3ffccbd9181351dae1d2c0b758cbf37 2011/i586/dumpcap-1.6.9-0.1-mdv2011.0.i586.rpm 2e4f9f20e5700174f5fca72fe971e7f4 2011/i586/libwireshark1-1.6.9-0.1-mdv2011.0.i586.rpm 4cfcdf10019b8acd1c31463bdd197e23 2011/i586/libwireshark-devel-1.6.9-0.1-mdv2011.0.i586.rpm 07fcde7006fe2e37a5750f9315ec3d2c 2011/i586/rawshark-1.6.9-0.1-mdv2011.0.i586.rpm 959a554376c637f102c9554857f8e6d8 2011/i586/tshark-1.6.9-0.1-mdv2011.0.i586.rpm 3268efef55ceeec0c7bd92fa6cc88aff 2011/i586/wireshark-1.6.9-0.1-mdv2011.0.i586.rpm bab97929a14abe2ad00304666ec8b245 2011/i586/wireshark-tools-1.6.9-0.1-mdv2011.0.i586.rpm 1030bf8c8d4d1cbcc94311783ef024ed 2011/SRPMS/wireshark-1.6.9-0.1.src.rpm Mandriva Linux 2011/X86_64: 55643125eac0aa52d7aefc3c79865aca 2011/x86_64/dumpcap-1.6.9-0.1-mdv2011.0.x86_64.rpm de6d050196f470c2957b7f029f244fa0 2011/x86_64/lib64wireshark1-1.6.9-0.1-mdv2011.0.x86_64.rpm 7a118e7b16666246e012925f82089a3a 2011/x86_64/lib64wireshark-devel-1.6.9-0.1-mdv2011.0.x86_64.rpm 8a1e82c5eeb39601b4bc1a84b2e7b3dc 2011/x86_64/rawshark-1.6.9-0.1-mdv2011.0.x86_64.rpm ecf48e205ae56a633ebba9aee42c2652 2011/x86_64/tshark-1.6.9-0.1-mdv2011.0.x86_64.rpm 769dbbba44184f7688d65c7796c9a09a 2011/x86_64/wireshark-1.6.9-0.1-mdv2011.0.x86_64.rpm 874c594675dd32c845b4ca2f7906ebf6 2011/x86_64/wireshark-tools-1.6.9-0.1-mdv2011.0.x86_64.rpm 1030bf8c8d4d1cbcc94311783ef024ed 2011/SRPMS/wireshark-1.6.9-0.1.src.rpm Mandriva Enterprise Server 5: 16739c56347a27bc2ec7aabb2be8bd0f mes5/i586/dumpcap-1.4.14-0.1mdvmes5.2.i586.rpm 2e2b32f8a0353d40a845305a6d4358a6 mes5/i586/libwireshark0-1.4.14-0.1mdvmes5.2.i586.rpm f45141ca30f2a5e3eab17e2be47db83f mes5/i586/libwireshark-devel-1.4.14-0.1mdvmes5.2.i586.rpm 8687707fa691ecc28820a9530b999e7b mes5/i586/rawshark-1.4.14-0.1mdvmes5.2.i586.rpm 74f48956f17a1d8c2ae979e16266d192 mes5/i586/tshark-1.4.14-0.1mdvmes5.2.i586.rpm d67c8fe15fb4cb1adfe382ec1de560ed mes5/i586/wireshark-1.4.14-0.1mdvmes5.2.i586.rpm b30607a3a748fd366b9b4e0633c9b73e mes5/i586/wireshark-tools-1.4.14-0.1mdvmes5.2.i586.rpm 392f5a6307f5b89f4c76778e55b70ba6 mes5/SRPMS/wireshark-1.4.14-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 4ebd9a744ae2b266acb47151f99fb5e3 mes5/x86_64/dumpcap-1.4.14-0.1mdvmes5.2.x86_64.rpm 5db432a062c8a779db4b91ca0936afca mes5/x86_64/lib64wireshark0-1.4.14-0.1mdvmes5.2.x86_64.rpm abd972eb433c6953ffde0f729d3db2d4 mes5/x86_64/lib64wireshark-devel-1.4.14-0.1mdvmes5.2.x86_64.rpm dcd1f95845241b0185881b4dc3c03926 mes5/x86_64/rawshark-1.4.14-0.1mdvmes5.2.x86_64.rpm 1f6e17dca6e5341abbcb023ccfcd2279 mes5/x86_64/tshark-1.4.14-0.1mdvmes5.2.x86_64.rpm fbdadf4ffd48a6b0a9055180a9b29f08 mes5/x86_64/wireshark-1.4.14-0.1mdvmes5.2.x86_64.rpm 00854c699d93b24b7a6e1d884e8c534a mes5/x86_64/wireshark-tools-1.4.14-0.1mdvmes5.2.x86_64.rpm 392f5a6307f5b89f4c76778e55b70ba6 mes5/SRPMS/wireshark-1.4.14-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQH6JpmqjQ0CJFipgRAl+kAJ9gUVOZp2sMBqhkmkk/FZsfn38x0QCgw41K CgFRtsp/hwri5v7fhPx93KM= =cXYu -----END PGP SIGNATURE-----