LinuxSecurity.com
Mandriva: 2012:134: wireshark
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:134
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : August 16, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were found and corrected in Wireshark:
 
 The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
 
 The MongoDB dissector could go into a large loop (CVE-2012-4287).
 
 The XTP dissector could go into an infinite loop (CVE-2012-4288).
 
 The AFP dissector could go into a large loop (CVE-2012-4289).
 
 The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
 
 The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
 
 The CIP dissector could exhaust system memory (CVE-2012-4291).
 
 The STUN dissector could crash (CVE-2012-4292).
 
 The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
 
 The CTDB dissector could go into a large loop (CVE-2012-4290).
 
 This advisory provides the latest version of Wireshark (1.6.10)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
 http://www.wireshark.org/security/wnpa-sec-2012-13.html
 http://www.wireshark.org/security/wnpa-sec-2012-14.html
 http://www.wireshark.org/security/wnpa-sec-2012-15.html
 http://www.wireshark.org/security/wnpa-sec-2012-17.html
 http://www.wireshark.org/security/wnpa-sec-2012-18.html
 http://www.wireshark.org/security/wnpa-sec-2012-19.html
 http://www.wireshark.org/security/wnpa-sec-2012-20.html
 http://www.wireshark.org/security/wnpa-sec-2012-21.html
 http://www.wireshark.org/security/wnpa-sec-2012-22.html
 http://www.wireshark.org/security/wnpa-sec-2012-23.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 7f9b50d728f3677d600e2b3c5cf9e143  2011/i586/dumpcap-1.6.10-0.1-mdv2011.0.i586.rpm
 41abd4e3174bc66135b63c3ce413cd8b  2011/i586/libwireshark1-1.6.10-0.1-mdv2011.0.i586.rpm
 a4bf1c8d7782a041943931e03b9ec697  2011/i586/libwireshark-devel-1.6.10-0.1-mdv2011.0.i586.rpm
 4dbd471403d5fa43f773d451026927f3  2011/i586/rawshark-1.6.10-0.1-mdv2011.0.i586.rpm
 df238ceb7fce4e998831115aba7cb198  2011/i586/tshark-1.6.10-0.1-mdv2011.0.i586.rpm
 15ee012ac6dcbc61c98e1e6cf9f81f33  2011/i586/wireshark-1.6.10-0.1-mdv2011.0.i586.rpm
 3eb9c08e21a8d18c8fe2053112244260  2011/i586/wireshark-tools-1.6.10-0.1-mdv2011.0.i586.rpm 
 47f4c354b2c73e325e99d1f699d9b8c8  2011/SRPMS/wireshark-1.6.10-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 0b3d330fc5721e9fe162d458aca0eb90  2011/x86_64/dumpcap-1.6.10-0.1-mdv2011.0.x86_64.rpm
 e2e642f3864a217f26d2f07ac0dc473a  2011/x86_64/lib64wireshark1-1.6.10-0.1-mdv2011.0.x86_64.rpm
 c73e6a0704ec32b2b10b2ec1dad3fa0b  2011/x86_64/lib64wireshark-devel-1.6.10-0.1-mdv2011.0.x86_64.rpm
 bdffe67b6ecf6a09035b74ba703def73  2011/x86_64/rawshark-1.6.10-0.1-mdv2011.0.x86_64.rpm
 9bedf4907301f42a94c7c9ab9114a9c2  2011/x86_64/tshark-1.6.10-0.1-mdv2011.0.x86_64.rpm
 9ea44005e04b88cbabe97d2ed75f2ed5  2011/x86_64/wireshark-1.6.10-0.1-mdv2011.0.x86_64.rpm
 506b0f9a80fdc7482b185c543669e331  2011/x86_64/wireshark-tools-1.6.10-0.1-mdv2011.0.x86_64.rpm 
 47f4c354b2c73e325e99d1f699d9b8c8  2011/SRPMS/wireshark-1.6.10-0.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
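
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" manifest above can be checked mechanically. The shell function below is an added example, not part of the Mandriva advisory or its tooling; the function name and the OK/MISMATCH/SKIP labels are this example's own, and it assumes the advisory has been saved as a text file.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the MD5 manifest in an
# MDVSA advisory saved as text. Function name and output labels are
# this example's own, not Mandriva tooling.
#
# usage: verify_advisory_md5 ADVISORY.txt RPM_DIR
# Prints OK / MISMATCH / SKIP per listed package.
# Returns 0 if no present file mismatches, 1 on a mismatch, 2 if the
# advisory contained no manifest lines.
verify_advisory_md5() {
    vam_advisory=$1
    vam_dir=$2
    vam_rc=0
    # Manifest lines: optional indent, 32 hex digits, spaces, path ending in .rpm.
    # sort -u drops the SRPM entry that is listed once per architecture.
    vam_entries=$(sed -n 's/^ *\([0-9a-f]\{32\}\)  *\([^ ]*\.rpm\) *$/\1 \2/p' \
        "$vam_advisory" | sort -u)
    [ -n "$vam_entries" ] || return 2

    while read -r vam_sum vam_path; do
        vam_name=${vam_path##*/}      # advisory paths are 2011/<arch>/<file>
        vam_file=$vam_dir/$vam_name
        if [ ! -f "$vam_file" ]; then
            echo "SKIP $vam_name (not downloaded)"
            continue
        fi
        vam_actual=$(md5sum "$vam_file" | cut -d' ' -f1)
        if [ "$vam_actual" = "$vam_sum" ]; then
            echo "OK $vam_name"
        else
            echo "MISMATCH $vam_name"
            vam_rc=1
        fi
    done <<EOF
$vam_entries
EOF
    return $vam_rc
}

# Run directly: sh verify.sh ADVISORY.txt ./rpms
if [ "$#" -eq 2 ]; then
    verify_advisory_md5 "$1" "$2"
fi
```

An MD5 match only shows the file was not corrupted in transit; authenticity rests on the GPG signature made with the Mandriva Security Team key mentioned above.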
 