LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2014:050: wireshark Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities was found and corrected in Wireshark: * The NFS dissector could crash. Discovered by Moshe Kaplan (CVE-2014-2281). [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:050
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was found and corrected in Wireshark:
 
 * The NFS dissector could crash. Discovered by Moshe Kaplan
 (CVE-2014-2281).
 
 * The RLC dissector could crash (CVE-2014-2283).
 
 * The MPEG file parser could overflow a buffer. Discovered by Wesley
 Neelen (CVE-2014-2299).
 
 This advisory provides the latest version of Wireshark (1.8.13)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
 http://www.wireshark.org/security/wnpa-sec-2014-01.html
 http://www.wireshark.org/security/wnpa-sec-2014-03.html
 http://www.wireshark.org/security/wnpa-sec-2014-04.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 4f641d05af87e5a053edd599e23975c7  mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm
 b1a8a82298dd88bde7f9e41b1a73b47d  mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm
 896c658c6ddacc562a0d70366c64aefd  mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm
 b3287396b309bd0ec077ec03647356ac  mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm
 b05f181a687aee422bcc9d2a0dbedecc  mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm
 a3c609066ee5c522f735160b791b3d1d  mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm
 8e3d5cddff1cf5b3de28e6fd6298a412  mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm 
 104a5965c230eba36b23945ea4d378e6  mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bf3e734f58c22f4a7d4cb9a92c723e6b  mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm
 f3f2f97f4a0dab273fe6821f9b3dcda2  mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm
 d7182aa64192b2b4856ce1deb25da35d  mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm
 ce9a49108e3e37385b1ecd1aec0818b5  mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 345d1066d8dda18a06b0f9b0f34b12ff  mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 49cf7c4dbec20d065ff535f5bc500d3b  mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 79c290d0a6934440a3989e696f6e3a2d  mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm 
 104a5965c230eba36b23945ea4d378e6  mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 919616ad2d26713c2d0a4148d06cc671  mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm
 32bc98bd5e9d2e19043d77ba944413fb  mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm
 e966a54884894738c89859f3768aed5c  mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm
 b96bbb6c34d1bf867e7409392b82817a  mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm
 a803b639bdf2ffa9d905bae772d19498  mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm
 ba694e53492db08cb4db43ae181b519f  mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm
 c24508e134fd8be7216f4a165dc3f71c  mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm 
 bc9586d2a42a3b7f52a02843905c7f59  mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.