-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:164
http://www.mandriva.com/security/
_______________________________________________________________________
Package : wireshark
Date : November 2, 2011
Affected: 2011.
_______________________________________________________________________
Problem Description:
This advisory updates wireshark to the latest version (1.6.3), fixing
several security issues:
An uninitialized variable in the CSN.1 dissector could cause a crash
(CVE-2011-4100).
Huzaifa Sidhpurwala of Red Hat Security Response Team discovered
that the Infiniband dissector could dereference a NULL pointer
(CVE-2011-4101).
Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader (CVE-2011-4102).
The updated packages have been upgraded to the latest 1.6.x version
(1.6.3) which is not vulnerable to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
http://www.wireshark.org/security/wnpa-sec-2011-17.html
http://www.wireshark.org/security/wnpa-sec-2011-18.html
http://www.wireshark.org/security/wnpa-sec-2011-19.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
0b5ac9722ad8eab01e3806d308c3e5be
2011/i586/dumpcap-1.6.3-0.1-mdv2011.0.i586.rpm
6e19c82aa19d8f3538454e791efda914
2011/i586/libwireshark1-1.6.3-0.1-mdv2011.0.i586.rpm
a65286ff617109423a548d3af675ce25
2011/i586/libwireshark-devel-1.6.3-0.1-mdv2011.0.i586.rpm
a1a8effdebd29e525f4069e22d689599
2011/i586/rawshark-1.6.3-0.1-mdv2011.0.i586.rpm
1eae86f6dc50df492f9da0098eb889ae
2011/i586/tshark-1.6.3-0.1-mdv2011.0.i586.rpm
a3a78552342edfb562c9019dbf223cca
2011/i586/wireshark-1.6.3-0.1-mdv2011.0.i586.rpm
77e7f551ef26d0bc667118091c77059e
2011/i586/wireshark-tools-1.6.3-0.1-mdv2011.0.i586.rpm
62f46aea01740a89b0cd31baf9ac82a1 2011/SRPMS/wireshark-1.6.3-0.1.src.rpm
Mandriva Linux 2011/X86_64:
200c7fce5888bbd88badb78a757692df
2011/x86_64/dumpcap-1.6.3-0.1-mdv2011.0.x86_64.rpm
2bbb9dd050ee7c7abf4022d67d886d41
2011/x86_64/lib64wireshark1-1.6.3-0.1-mdv2011.0.x86_64.rpm
0fb9974d9a755593f5ec8977c22f25ac
2011/x86_64/lib64wireshark-devel-1.6.3-0.1-mdv2011.0.x86_64.rpm
a16851c1d3f6444c6c8a2b0c56ad5570
2011/x86_64/rawshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
14565aa0dbc8261a969b983f0a93aea3
2011/x86_64/tshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
7257cfd3572e2fef8ee166abd3e7471f
2011/x86_64/wireshark-1.6.3-0.1-mdv2011.0.x86_64.rpm
b06e4710c4d0e21bcd367a67cc7f1fb4
2011/x86_64/wireshark-tools-1.6.3-0.1-mdv2011.0.x86_64.rpm
62f46aea01740a89b0cd31baf9ac82a1 2011/SRPMS/wireshark-1.6.3-0.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOsSnpmqjQ0CJFipgRAu0vAKDZN4pCvOqGm0kL1yqDacJXeUgbhQCfWBNx
FLThhT8zQa9eZYug6gzxREo=
=KSPx
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke