|
|
Subscribe / Log in / New account

Mageia alert MGASA-2012-0226 (wireshark)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2012-0226: wireshark-1.4.15-1.mga1
 (1/core), wireshark-1.6.10-1.mga2 (2/core) 


Date:
    	      Sat, 18 Aug 2012 12:41:56 +0200


Message-ID:
    	      <20120818104156.GA4194@valstar.mageia.org>



MGASA-2012-0226
Date: 	August 18th, 2012
Affected releases: 	1, 2


Description:
Updated wireshark packages fix security vulnerabilities:

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
Note: this issue, also known as wnpa-sec-2012-19, only affects Mageia 2.

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).


Updated Packages:
Mageia 1:
dumpcap-1.4.15-1.mga1
lib(64)wireshark0-1.4.15-1.mga1
lib(64)wireshark-devel-1.4.15-1.mga1
rawshark-1.4.15-1.mga1
tshark-1.4.15-1.mga1
wireshark-1.4.15-1.mga1
wireshark-tools-1.4.15-1.mga1

Mageia 2:
dumpcap-1.6.10-1.mga2
lib(64)wireshark1-1.6.10-1.mga2
lib(64)wireshark-devel-1.6.10-1.mga2
rawshark-1.6.10-1.mga2
tshark-1.6.10-1.mga2
wireshark-1.6.10-1.mga2
wireshark-tools-1.6.10-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297 (mga2 only)
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html (mga2 only)
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html (mga1 only)
http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html (mga2 only)
http://www.wireshark.org/news/20120815.html
https://bugs.mageia.org/show_bug.cgi?id=7075
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds