_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:200
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date    : October 13, 2010
Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

It was discovered that the ASN.1 BER dissector in wireshark was
susceptible to a stack overflow (CVE-2010-3445).

For 2010.0 and 2010.1, wireshark was upgraded to v1.2.12, which is not
vulnerable to this issue. For CS4 and MES5, wireshark was patched to
resolve the vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
http://www.wireshark.org/security/wnpa-sec-2010-11.html
http://www.wireshark.org/security/wnpa-sec-2010-12.html
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team