LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2013:172: wireshark Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been found and corrected in wireshark: * The ASN.1 BER dissector could crash (CVE-2013-3557). * The CAPWAP dissector could crash (CVE-2013-4074). * The HTTP dissector could overrun the stack (CVE-2013-4081). [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:172
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : June 12, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in wireshark:
 
 * The ASN.1 BER dissector could crash (CVE-2013-3557).
 * The CAPWAP dissector could crash (CVE-2013-4074).
 * The HTTP dissector could overrun the stack (CVE-2013-4081).
 * The DCP ETSI dissector could crash (CVE-2013-4083).
 
 This advisory provides the latest version of Wireshark (1.6.16)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083
 http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
 http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 ee7dc085336b1112178dabcf9efcbfd6  mes5/i586/dumpcap-1.6.16-0.1mdvmes5.2.i586.rpm
 b3f0ee150e0cc4733bc6181784e3db0b  mes5/i586/libwireshark1-1.6.16-0.1mdvmes5.2.i586.rpm
 ae18d8a751ddf6d0197a7259d4958dd7  mes5/i586/libwireshark-devel-1.6.16-0.1mdvmes5.2.i586.rpm
 ce85c65696abc4a9112200d73334a2a0  mes5/i586/rawshark-1.6.16-0.1mdvmes5.2.i586.rpm
 9492d3e3dfccc7cc28b40558f2efc964  mes5/i586/tshark-1.6.16-0.1mdvmes5.2.i586.rpm
 bfb3a5facb92c41b43ec428b71bf6292  mes5/i586/wireshark-1.6.16-0.1mdvmes5.2.i586.rpm
 daefcf5e5f2e955df6bb39ce38f6adc2  mes5/i586/wireshark-tools-1.6.16-0.1mdvmes5.2.i586.rpm 
 13f53e174e10e8f7bf6b4896ea785067  mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 0e30acd436f428bf94164f2c2437ec37  mes5/x86_64/dumpcap-1.6.16-0.1mdvmes5.2.x86_64.rpm
 24515452924f9b39dac572d541eb7135  mes5/x86_64/lib64wireshark1-1.6.16-0.1mdvmes5.2.x86_64.rpm
 b29c2e1acb4bbdbeac5db892353c58a3  mes5/x86_64/lib64wireshark-devel-1.6.16-0.1mdvmes5.2.x86_64.rpm
 b86457579d9a945a5e1859186ae40d04  mes5/x86_64/rawshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
 2a5971317b64668b1a0492ef05288707  mes5/x86_64/tshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
 d22feab79bec9cd2dcffd339482cf8c2  mes5/x86_64/wireshark-1.6.16-0.1mdvmes5.2.x86_64.rpm
 9b49117a0bcc4427bd5d725cd9c5152a  mes5/x86_64/wireshark-tools-1.6.16-0.1mdvmes5.2.x86_64.rpm 
 13f53e174e10e8f7bf6b4896ea785067  mes5/SRPMS/wireshark-1.6.16-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 2390468bd95bc55cf6380912c651df30  mbs1/x86_64/dumpcap-1.6.16-1.mbs1.x86_64.rpm
 1640e819389b89792aeb281daaad14b4  mbs1/x86_64/lib64wireshark1-1.6.16-1.mbs1.x86_64.rpm
 1c29c375c42970380dce6e30c6a59193  mbs1/x86_64/lib64wireshark-devel-1.6.16-1.mbs1.x86_64.rpm
 edde8d7961d033ac5d76678604d19548  mbs1/x86_64/rawshark-1.6.16-1.mbs1.x86_64.rpm
 4cbfe7fe1c7b27bb69fb6863d5db7f6b  mbs1/x86_64/tshark-1.6.16-1.mbs1.x86_64.rpm
 637924c40d0bff5b4149d2baa6a68f0d  mbs1/x86_64/wireshark-1.6.16-1.mbs1.x86_64.rpm
 5e7375e0d750820e503635794e6f2636  mbs1/x86_64/wireshark-tools-1.6.16-1.mbs1.x86_64.rpm 
 80a49547bf467b19038b4688a0aed2b3  mbs1/SRPMS/wireshark-1.6.16-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.