-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:159 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : wireshark Date : August 8, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in wireshark: * The Catapult DCT2000 and IrDA dissectors could underrun a buffer (CVE-2014-5161, CVE-2014-5162). * The GTP and GSM Management dissectors could crash (CVE-2014-5163). * The RLC dissector could crash (CVE-2014-5164). * The ASN.1 BER dissector could crash (CVE-2014-5165). The updated packages have been upgraded to the 1.10.9 version where these security flaws has been fixed. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165 https://www.wireshark.org/security/wnpa-sec-2014-08.html https://www.wireshark.org/security/wnpa-sec-2014-09.html https://www.wireshark.org/security/wnpa-sec-2014-10.html https://www.wireshark.org/security/wnpa-sec-2014-11.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 24e40ed80d9445dbc612e3cef008fcb9 mbs1/x86_64/dumpcap-1.10.9-1.mbs1.x86_64.rpm df4352153be18ce3ac44d7d881a3e8d4 mbs1/x86_64/lib64wireshark3-1.10.9-1.mbs1.x86_64.rpm c15a267f427e2c75fe8a07daa1c3aa07 mbs1/x86_64/lib64wireshark-devel-1.10.9-1.mbs1.x86_64.rpm bf302a093c6a0ec76981fb8bb87a38d1 mbs1/x86_64/lib64wiretap3-1.10.9-1.mbs1.x86_64.rpm 8fe8436f9a57e312b07b29af3bafe647 mbs1/x86_64/lib64wsutil3-1.10.9-1.mbs1.x86_64.rpm 60311fdcecbf510417290b4594299082 mbs1/x86_64/rawshark-1.10.9-1.mbs1.x86_64.rpm 6abddad19c35810e5df8390b47aa7046 mbs1/x86_64/tshark-1.10.9-1.mbs1.x86_64.rpm b6eedad02d0fe68f696f8379f23b090c mbs1/x86_64/wireshark-1.10.9-1.mbs1.x86_64.rpm fd5bbe1363461548a46652cb8b75e45c mbs1/x86_64/wireshark-tools-1.10.9-1.mbs1.x86_64.rpm 2da0d93d36fb5b30b27fc524399cf20e mbs1/SRPMS/wireshark-1.10.9-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFT5NGSmqjQ0CJFipgRAtCCAKD2BXHvASFNz/dQ2Qv9f8yr3DneUACgmJht RqW08wYHGkDQVWZrzE4+m5o= =zyXs -----END PGP SIGNATURE-----