LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: August 25th, 2014
Linux Advisory Watch: August 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: wireshark security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux New Wireshark packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 5. Wireshark was previously known as Ethereal. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. This update has been rated as having low security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: wireshark security update
Advisory ID:       RHSA-2007:0710-04
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0710.html
Issue date:        2007-11-07
Updated on:        2007-11-07
Product:           Red Hat Enterprise Linux
Keywords:          HTTP iSeries DCP ETSI SSL MMS DHCP BOOTP crash loop DoS
CVE Names:         CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 
                   CVE-2007-3392 CVE-2007-3393 
- ---------------------------------------------------------------------

1. Summary:

New Wireshark packages that fix various security vulnerabilities are now
available for Red Hat Enterprise Linux 5.  Wireshark was previously known
as Ethereal.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors.  It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)

Users of Wireshark and Ethereal should upgrade to these updated packages,
containing Wireshark version 0.99.6, which is not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic
245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic
245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic
246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-0.99.6-1.el5.src.rpm
f49fa8d0277d49cd8eaca3cab3d72990  wireshark-0.99.6-1.el5.src.rpm

i386:
47debd82ab5bc864a3cdd9dd64484282  wireshark-0.99.6-1.el5.i386.rpm
48c58d3ef97e8cf0f77a9301853c2987  wireshark-debuginfo-0.99.6-1.el5.i386.rpm

x86_64:
a28ed04bd22158d7cf68bc71589b82c4  wireshark-0.99.6-1.el5.x86_64.rpm
7141bfcf3751bed8454c1b9f3204d8cd  wireshark-debuginfo-0.99.6-1.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-0.99.6-1.el5.src.rpm
f49fa8d0277d49cd8eaca3cab3d72990  wireshark-0.99.6-1.el5.src.rpm

i386:
48c58d3ef97e8cf0f77a9301853c2987  wireshark-debuginfo-0.99.6-1.el5.i386.rpm
b9b63d2c30c0100d5f573ebc81bd4023  wireshark-gnome-0.99.6-1.el5.i386.rpm

x86_64:
7141bfcf3751bed8454c1b9f3204d8cd  wireshark-debuginfo-0.99.6-1.el5.x86_64.rpm
8fc46b79d4d74c5434b5a673c38d80d0  wireshark-gnome-0.99.6-1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-0.99.6-1.el5.src.rpm
f49fa8d0277d49cd8eaca3cab3d72990  wireshark-0.99.6-1.el5.src.rpm

i386:
47debd82ab5bc864a3cdd9dd64484282  wireshark-0.99.6-1.el5.i386.rpm
48c58d3ef97e8cf0f77a9301853c2987  wireshark-debuginfo-0.99.6-1.el5.i386.rpm
b9b63d2c30c0100d5f573ebc81bd4023  wireshark-gnome-0.99.6-1.el5.i386.rpm

ia64:
9803781c960202e93b07c15edfac733c  wireshark-0.99.6-1.el5.ia64.rpm
8e77dc603a06d63b8e53c813d61e607b  wireshark-debuginfo-0.99.6-1.el5.ia64.rpm
3711e4d1653c0aac43ee7b08f5149304  wireshark-gnome-0.99.6-1.el5.ia64.rpm

ppc:
598a710138caa4c174306ba4930201d4  wireshark-0.99.6-1.el5.ppc.rpm
b636439b3c01926fd707162d5c902084  wireshark-debuginfo-0.99.6-1.el5.ppc.rpm
7560565717c181cf210eab9438ae5f29  wireshark-gnome-0.99.6-1.el5.ppc.rpm

s390x:
25ac5e44a7a5dcd87c77292999b2501c  wireshark-0.99.6-1.el5.s390x.rpm
aae09261c552e0c87883df3c155ce2f8  wireshark-debuginfo-0.99.6-1.el5.s390x.rpm
2238fbab472c7f05b7b3ac801f8652dc  wireshark-gnome-0.99.6-1.el5.s390x.rpm

x86_64:
a28ed04bd22158d7cf68bc71589b82c4  wireshark-0.99.6-1.el5.x86_64.rpm
7141bfcf3751bed8454c1b9f3204d8cd  wireshark-debuginfo-0.99.6-1.el5.x86_64.rpm
8fc46b79d4d74c5434b5a673c38d80d0  wireshark-gnome-0.99.6-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393
http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.