Mandriva: 2013:055: wireshark
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been found and corrected in wireshark: Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:055
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : April 5, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in wireshark:
 
 Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE
 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent
 Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html
 [CVE-2012-2392])
 
 The DIAMETER dissector could try to allocate memory improperly
 and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html
 [CVE-2012-2393])
 
 Wireshark could crash on SPARC processors due to
 misaligned memory. Discovered by Klaus Heckelmann
 (http://www.wireshark.org/security/wnpa-sec-2012-10.html
 [CVE-2012-2394])
 
 The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9,
 and 1.8.x before 1.8.1 allows remote attackers to cause a denial of
 service (invalid pointer dereference and application crash) via a
 crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).
 
 epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
 before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
 attackers to cause a denial of service (loop and CPU consumption)
 via a crafted packet (CVE-2012-4049).
 
 The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
 
 The XTP dissector could go into an infinite loop (CVE-2012-4288).
 
 The AFP dissector could go into a large loop (CVE-2012-4289).
 
 The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
 
 The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
 
 The CIP dissector could exhaust system memory (CVE-2012-4291).
 
 The STUN dissector could crash (CVE-2012-4292).
 
 The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
 
 The CTDB dissector could go into a large loop (CVE-2012-4290).
 
 Martin Wilck discovered an infinite loop in the DRDA dissector
 (CVE-2012-5239).
 
 The USB dissector could go into an infinite loop. (wnpa-sec-2012-31)
 
 The ISAKMP dissector could crash. (wnpa-sec-2012-35)
 
 The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36)
 
 The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37)
 
 The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38)
 
 The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40)
 
 Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS
 CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP
 dissectors (wnpa-sec-2013-01).
 
 The CLNP dissector could crash (wnpa-sec-2013-02).
 
 The DTN dissector could crash (wnpa-sec-2013-03).
 
 The MS-MMC dissector (and possibly others) could crash
 (wnpa-sec-2013-04).
 
 The DTLS dissector could crash (wnpa-sec-2013-05).
 
 The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07).
 
 The Wireshark dissection engine could crash (wnpa-sec-2013-08).
 
 The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09).
 
 The sFlow dissector could go into an infinite loop (CVE-2012-6054).
 
 The SCTP dissector could go into an infinite loop (CVE-2012-6056).
 
 The MS-MMS dissector could crash (CVE-2013-2478).
 
 The RTPS and RTPS2 dissectors could crash (CVE-2013-2480).
 
 The Mount dissector could crash (CVE-2013-2481).
 
 The AMPQ dissector could go into an infinite loop (CVE-2013-2482).
 
 The ACN dissector could attempt to divide by zero (CVE-2013-2483).
 
 The CIMD dissector could crash (CVE-2013-2484).
 
 The FCSP dissector could go into an infinite loop (CVE-2013-2485).
 
 The DTLS dissector could crash (CVE-2013-2488).
 
 This advisory provides the latest version of Wireshark (1.6.14)
 which is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6054
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6056
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2478
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2480
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2481
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2482
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2483
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2484
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2485
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2488
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0134
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0210
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0226
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0284
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0348
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0034
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0090
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1817d98ba604d0b8347bf9ef5d7ddf00  mbs1/x86_64/dumpcap-1.6.14-1.mbs1.x86_64.rpm
 a5319dbd9c47629f4fb6797f313dfcf5  mbs1/x86_64/lib64wireshark1-1.6.14-1.mbs1.x86_64.rpm
 c0bb6476540803d16355bb9006179b1d  mbs1/x86_64/lib64wireshark-devel-1.6.14-1.mbs1.x86_64.rpm
 e0b9fede48c4c4db36b22814477cfaa4  mbs1/x86_64/rawshark-1.6.14-1.mbs1.x86_64.rpm
 4de1571d4b7a2cf3daea452a2d46ed78  mbs1/x86_64/tshark-1.6.14-1.mbs1.x86_64.rpm
 1c3a0948612798f471d1bb6a5a9e3620  mbs1/x86_64/wireshark-1.6.14-1.mbs1.x86_64.rpm
 88fea6e5203d3d0c8f38ebf9a82ae5d4  mbs1/x86_64/wireshark-tools-1.6.14-1.mbs1.x86_64.rpm 
 e915fb3656c689705b86ab93896a5da9  mbs1/SRPMS/wireshark-1.6.14-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________