Mailing List Archive

[ MDVSA-2014:050 ] wireshark
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:050
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : March 10, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was found and corrected in Wireshark:

* The NFS dissector could crash. Discovered by Moshe Kaplan
(CVE-2014-2281).

* The RLC dissector could crash (CVE-2014-2283).

* The MPEG file parser could overflow a buffer. Discovered by Wesley
Neelen (CVE-2014-2299).

This advisory provides the latest version of Wireshark (1.8.13)
which is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
http://www.wireshark.org/security/wnpa-sec-2014-01.html
http://www.wireshark.org/security/wnpa-sec-2014-03.html
http://www.wireshark.org/security/wnpa-sec-2014-04.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
4f641d05af87e5a053edd599e23975c7 mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm
b1a8a82298dd88bde7f9e41b1a73b47d mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm
896c658c6ddacc562a0d70366c64aefd mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm
b3287396b309bd0ec077ec03647356ac mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm
b05f181a687aee422bcc9d2a0dbedecc mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm
a3c609066ee5c522f735160b791b3d1d mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm
8e3d5cddff1cf5b3de28e6fd6298a412 mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm
104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
bf3e734f58c22f4a7d4cb9a92c723e6b mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm
f3f2f97f4a0dab273fe6821f9b3dcda2 mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm
d7182aa64192b2b4856ce1deb25da35d mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm
ce9a49108e3e37385b1ecd1aec0818b5 mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
345d1066d8dda18a06b0f9b0f34b12ff mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
49cf7c4dbec20d065ff535f5bc500d3b mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
79c290d0a6934440a3989e696f6e3a2d mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm
104a5965c230eba36b23945ea4d378e6 mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
919616ad2d26713c2d0a4148d06cc671 mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm
32bc98bd5e9d2e19043d77ba944413fb mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm
e966a54884894738c89859f3768aed5c mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm
b96bbb6c34d1bf867e7409392b82817a mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm
a803b639bdf2ffa9d905bae772d19498 mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm
ba694e53492db08cb4db43ae181b519f mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm
c24508e134fd8be7216f4a165dc3f71c mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm
bc9586d2a42a3b7f52a02843905c7f59 mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTHcXMmqjQ0CJFipgRApA3AJ9dlqu6qQiutinpvBDtprtQHoIKIQCeM396
03x4Ft2ynLHpeO4UFnID4QM=
=F8Lb
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/