- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Low: wireshark security and bug fix update
Advisory ID:       RHSA-2007:0709-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0709.html
Issue date:        2007-11-15
Updated on:        2007-11-15
Product:           Red Hat Enterprise Linux
Keywords:          HTTP iSeries DCP ETSI SSL MMS DHCP BOOTP crash loop DoS IPMI
CVE Names:         CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 
                   CVE-2007-3392 CVE-2007-3393 
- ---------------------------------------------------------------------1. Summary:

New Wireshark packages that fix various security vulnerabilities and
functionality bugs are now available for Red Hat Enterprise Linux 4.
Wireshark was previously known as Ethereal.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)

Wireshark would interpret certain completion codes incorrectly when
dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported
as malformed IPMI traffic.

Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.6, which correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic
245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic
245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic
246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic
246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
2d8ad27725033ac2bbadd5a385b6ae76  wireshark-0.99.6-EL4.1.src.rpm

i386:
3c6c77126ea4b1999f75a18a283d6499  wireshark-0.99.6-EL4.1.i386.rpm
8ac66efd8177234af75cf8af1bed2706  wireshark-debuginfo-0.99.6-EL4.1.i386.rpm
ce5d1420de890fab97bb8c84617d1f25  wireshark-gnome-0.99.6-EL4.1.i386.rpm

ia64:
1db9e6a01562b42162772472433ec40c  wireshark-0.99.6-EL4.1.ia64.rpm
4602cc3474ca776e4b8a3340664fa308  wireshark-debuginfo-0.99.6-EL4.1.ia64.rpm
2be1f400717544434423277057fb8a6a  wireshark-gnome-0.99.6-EL4.1.ia64.rpm

ppc:
851e28e735d2cca81f036e84c10592de  wireshark-0.99.6-EL4.1.ppc.rpm
c1aa1b3e309e1246d2b2067811b759fe  wireshark-debuginfo-0.99.6-EL4.1.ppc.rpm
ca38499152427371121737fcfe545a1a  wireshark-gnome-0.99.6-EL4.1.ppc.rpm

s390:
deaa06304c3926eed158bed8a15b2e2b  wireshark-0.99.6-EL4.1.s390.rpm
c63f46b2598583595ca4d4d38d7e44b0  wireshark-debuginfo-0.99.6-EL4.1.s390.rpm
2020932bacbcdbbad055735ac0b0100e  wireshark-gnome-0.99.6-EL4.1.s390.rpm

s390x:
dc81c1505a3040328ab53cd449b388cd  wireshark-0.99.6-EL4.1.s390x.rpm
a22957a9c7bdf4976edcd2f6d7c0c5d2  wireshark-debuginfo-0.99.6-EL4.1.s390x.rpm
88a5ef4d0cf176f18fcf0381c8e80d2e  wireshark-gnome-0.99.6-EL4.1.s390x.rpm

x86_64:
a42ab0969e973cdab74c439427e21cfe  wireshark-0.99.6-EL4.1.x86_64.rpm
6d12a229024b47a7ad5b6efcf71cb1d7  wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm
0c41fb92a893e0e031be4be98d54db3d  wireshark-gnome-0.99.6-EL4.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
2d8ad27725033ac2bbadd5a385b6ae76  wireshark-0.99.6-EL4.1.src.rpm

i386:
3c6c77126ea4b1999f75a18a283d6499  wireshark-0.99.6-EL4.1.i386.rpm
8ac66efd8177234af75cf8af1bed2706  wireshark-debuginfo-0.99.6-EL4.1.i386.rpm
ce5d1420de890fab97bb8c84617d1f25  wireshark-gnome-0.99.6-EL4.1.i386.rpm

x86_64:
a42ab0969e973cdab74c439427e21cfe  wireshark-0.99.6-EL4.1.x86_64.rpm
6d12a229024b47a7ad5b6efcf71cb1d7  wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm
0c41fb92a893e0e031be4be98d54db3d  wireshark-gnome-0.99.6-EL4.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
2d8ad27725033ac2bbadd5a385b6ae76  wireshark-0.99.6-EL4.1.src.rpm

i386:
3c6c77126ea4b1999f75a18a283d6499  wireshark-0.99.6-EL4.1.i386.rpm
8ac66efd8177234af75cf8af1bed2706  wireshark-debuginfo-0.99.6-EL4.1.i386.rpm
ce5d1420de890fab97bb8c84617d1f25  wireshark-gnome-0.99.6-EL4.1.i386.rpm

ia64:
1db9e6a01562b42162772472433ec40c  wireshark-0.99.6-EL4.1.ia64.rpm
4602cc3474ca776e4b8a3340664fa308  wireshark-debuginfo-0.99.6-EL4.1.ia64.rpm
2be1f400717544434423277057fb8a6a  wireshark-gnome-0.99.6-EL4.1.ia64.rpm

x86_64:
a42ab0969e973cdab74c439427e21cfe  wireshark-0.99.6-EL4.1.x86_64.rpm
6d12a229024b47a7ad5b6efcf71cb1d7  wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm
0c41fb92a893e0e031be4be98d54db3d  wireshark-gnome-0.99.6-EL4.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
2d8ad27725033ac2bbadd5a385b6ae76  wireshark-0.99.6-EL4.1.src.rpm

i386:
3c6c77126ea4b1999f75a18a283d6499  wireshark-0.99.6-EL4.1.i386.rpm
8ac66efd8177234af75cf8af1bed2706  wireshark-debuginfo-0.99.6-EL4.1.i386.rpm
ce5d1420de890fab97bb8c84617d1f25  wireshark-gnome-0.99.6-EL4.1.i386.rpm

ia64:
1db9e6a01562b42162772472433ec40c  wireshark-0.99.6-EL4.1.ia64.rpm
4602cc3474ca776e4b8a3340664fa308  wireshark-debuginfo-0.99.6-EL4.1.ia64.rpm
2be1f400717544434423277057fb8a6a  wireshark-gnome-0.99.6-EL4.1.ia64.rpm

x86_64:
a42ab0969e973cdab74c439427e21cfe  wireshark-0.99.6-EL4.1.x86_64.rpm
6d12a229024b47a7ad5b6efcf71cb1d7  wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm
0c41fb92a893e0e031be4be98d54db3d  wireshark-gnome-0.99.6-EL4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393
https://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Low: wireshark security and bug fix update

New Wireshark packages that fix various security vulnerabilities and functionality bugs are now available for Red Hat Enterprise Linux 4. Wireshark was previously known as Ethere...

Summary



Summary

Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393) Wireshark would interpret certain completion codes incorrectly when dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported as malformed IPMI traffic. Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.6, which correct these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic 245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic 245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic 246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic 246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic 246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: 2d8ad27725033ac2bbadd5a385b6ae76 wireshark-0.99.6-EL4.1.src.rpm
i386: 3c6c77126ea4b1999f75a18a283d6499 wireshark-0.99.6-EL4.1.i386.rpm 8ac66efd8177234af75cf8af1bed2706 wireshark-debuginfo-0.99.6-EL4.1.i386.rpm ce5d1420de890fab97bb8c84617d1f25 wireshark-gnome-0.99.6-EL4.1.i386.rpm
ia64: 1db9e6a01562b42162772472433ec40c wireshark-0.99.6-EL4.1.ia64.rpm 4602cc3474ca776e4b8a3340664fa308 wireshark-debuginfo-0.99.6-EL4.1.ia64.rpm 2be1f400717544434423277057fb8a6a wireshark-gnome-0.99.6-EL4.1.ia64.rpm
ppc: 851e28e735d2cca81f036e84c10592de wireshark-0.99.6-EL4.1.ppc.rpm c1aa1b3e309e1246d2b2067811b759fe wireshark-debuginfo-0.99.6-EL4.1.ppc.rpm ca38499152427371121737fcfe545a1a wireshark-gnome-0.99.6-EL4.1.ppc.rpm
s390: deaa06304c3926eed158bed8a15b2e2b wireshark-0.99.6-EL4.1.s390.rpm c63f46b2598583595ca4d4d38d7e44b0 wireshark-debuginfo-0.99.6-EL4.1.s390.rpm 2020932bacbcdbbad055735ac0b0100e wireshark-gnome-0.99.6-EL4.1.s390.rpm
s390x: dc81c1505a3040328ab53cd449b388cd wireshark-0.99.6-EL4.1.s390x.rpm a22957a9c7bdf4976edcd2f6d7c0c5d2 wireshark-debuginfo-0.99.6-EL4.1.s390x.rpm 88a5ef4d0cf176f18fcf0381c8e80d2e wireshark-gnome-0.99.6-EL4.1.s390x.rpm
x86_64: a42ab0969e973cdab74c439427e21cfe wireshark-0.99.6-EL4.1.x86_64.rpm 6d12a229024b47a7ad5b6efcf71cb1d7 wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm 0c41fb92a893e0e031be4be98d54db3d wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: 2d8ad27725033ac2bbadd5a385b6ae76 wireshark-0.99.6-EL4.1.src.rpm
i386: 3c6c77126ea4b1999f75a18a283d6499 wireshark-0.99.6-EL4.1.i386.rpm 8ac66efd8177234af75cf8af1bed2706 wireshark-debuginfo-0.99.6-EL4.1.i386.rpm ce5d1420de890fab97bb8c84617d1f25 wireshark-gnome-0.99.6-EL4.1.i386.rpm
x86_64: a42ab0969e973cdab74c439427e21cfe wireshark-0.99.6-EL4.1.x86_64.rpm 6d12a229024b47a7ad5b6efcf71cb1d7 wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm 0c41fb92a893e0e031be4be98d54db3d wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: 2d8ad27725033ac2bbadd5a385b6ae76 wireshark-0.99.6-EL4.1.src.rpm
i386: 3c6c77126ea4b1999f75a18a283d6499 wireshark-0.99.6-EL4.1.i386.rpm 8ac66efd8177234af75cf8af1bed2706 wireshark-debuginfo-0.99.6-EL4.1.i386.rpm ce5d1420de890fab97bb8c84617d1f25 wireshark-gnome-0.99.6-EL4.1.i386.rpm
ia64: 1db9e6a01562b42162772472433ec40c wireshark-0.99.6-EL4.1.ia64.rpm 4602cc3474ca776e4b8a3340664fa308 wireshark-debuginfo-0.99.6-EL4.1.ia64.rpm 2be1f400717544434423277057fb8a6a wireshark-gnome-0.99.6-EL4.1.ia64.rpm
x86_64: a42ab0969e973cdab74c439427e21cfe wireshark-0.99.6-EL4.1.x86_64.rpm 6d12a229024b47a7ad5b6efcf71cb1d7 wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm 0c41fb92a893e0e031be4be98d54db3d wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: 2d8ad27725033ac2bbadd5a385b6ae76 wireshark-0.99.6-EL4.1.src.rpm
i386: 3c6c77126ea4b1999f75a18a283d6499 wireshark-0.99.6-EL4.1.i386.rpm 8ac66efd8177234af75cf8af1bed2706 wireshark-debuginfo-0.99.6-EL4.1.i386.rpm ce5d1420de890fab97bb8c84617d1f25 wireshark-gnome-0.99.6-EL4.1.i386.rpm
ia64: 1db9e6a01562b42162772472433ec40c wireshark-0.99.6-EL4.1.ia64.rpm 4602cc3474ca776e4b8a3340664fa308 wireshark-debuginfo-0.99.6-EL4.1.ia64.rpm 2be1f400717544434423277057fb8a6a wireshark-gnome-0.99.6-EL4.1.ia64.rpm
x86_64: a42ab0969e973cdab74c439427e21cfe wireshark-0.99.6-EL4.1.x86_64.rpm 6d12a229024b47a7ad5b6efcf71cb1d7 wireshark-debuginfo-0.99.6-EL4.1.x86_64.rpm 0c41fb92a893e0e031be4be98d54db3d wireshark-gnome-0.99.6-EL4.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393 https://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html http://www.redhat.com/security/updates/classification/#low

Package List


Severity
Advisory ID: RHSA-2007:0709-02
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0709.html
Issued Date: : 2007-11-15
Updated on: 2007-11-15
Product: Red Hat Enterprise Linux
Keywords: HTTP iSeries DCP ETSI SSL MMS DHCP BOOTP crash loop DoS IPMI
CVE Names: CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 CVE-2007-3392 CVE-2007-3393 New Wireshark packages that fix various security vulnerabilities and functionality bugs are now available for Red Hat Enterprise Linux 4. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved