[Security Announce] [ MDKSA-2007:033 ] - Updated wireshark packages fix multiple vulnerabilities
Posted on: 02/03/2007 09:15 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:033
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date : February 2, 2007
Affected: 2007.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors were
discovered in versions of wireshark less than 0.99.5, as well as
various other bugs.

This updated provides wireshark 0.99.5 which is not vulnerable to these
issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459
http://www.wireshark.org/security/wnpa-sec-2007-01.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
740873204531526e4cc6878444af8362 2007.0/i586/libwireshark0-0.99.5-0.1mdv2007.0.i586.rpm
add82ec56d6f77ee7368cd080a82a465 2007.0/i586/tshark-0.99.5-0.1mdv2007.0.i586.rpm
d193c2b44c08aac1b67d64613532ef80 2007.0/i586/wireshark-0.99.5-0.1mdv2007.0.i586.rpm
858bbb85edc9783b155ef0a0ac6c3b90 2007.0/i586/wireshark-tools-0.99.5-0.1mdv2007.0.i586.rpm
1df4c1838fe6b746a782e133de279827 2007.0/SRPMS/wireshark-0.99.5-0.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
8ef87dcfc0cc5ac18a31945959e7aa7c 2007.0/x86_64/lib64wireshark0-0.99.5-0.1mdv2007.0.x86_64.rpm
a3f7656a6b2c90d23bac921d472bffaf 2007.0/x86_64/tshark-0.99.5-0.1mdv2007.0.x86_64.rpm
81050abf3144fd206f8a2f0a7e910836 2007.0/x86_64/wireshark-0.99.5-0.1mdv2007.0.x86_64.rpm
b2f12630475a24dec626092e231cc24a 2007.0/x86_64/wireshark-tools-0.99.5-0.1mdv2007.0.x86_64.rpm
1df4c1838fe6b746a782e133de279827 2007.0/SRPMS/wireshark-0.99.5-0.1mdv2007.0.src.rpm

Corporate 4.0:
26813537c4e24420d2cb1bbcbaad3185 corporate/4.0/i586/libwireshark0-0.99.5-0.1.20060mlcs4.i586.rpm
55d76fd9bc65b2cd4eb602a8e8b034d1 corporate/4.0/i586/tshark-0.99.5-0.1.20060mlcs4.i586.rpm
8aaf460bab2133abe4c7d5973f190d8c corporate/4.0/i586/wireshark-0.99.5-0.1.20060mlcs4.i586.rpm
4b12b3ad9f259bb9099208cb530bc42d corporate/4.0/i586/wireshark-tools-0.99.5-0.1.20060mlcs4.i586.rpm
5937c2654ada4050818cc4d2f88d13ce corporate/4.0/SRPMS/wireshark-0.99.5-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b6da34d5d4f983d981f298b20f26222c corporate/4.0/x86_64/lib64wireshark0-0.99.5-0.1.20060mlcs4.x86_64.rpm
1a7b1c1d3c142f7e735f0b4e94b6fee8 corporate/4.0/x86_64/tshark-0.99.5-0.1.20060mlcs4.x86_64.rpm
103ef9c506489cf585aa01bf71c8e24a corporate/4.0/x86_64/wireshark-0.99.5-0.1.20060mlcs4.x86_64.rpm
b9b872ed0afc643f40fc35983d0a7302 corporate/4.0/x86_64/wireshark-tools-0.99.5-0.1.20060mlcs4.x86_64.rpm
5937c2654ada4050818cc4d2f88d13ce corporate/4.0/SRPMS/wireshark-0.99.5-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFw9EcmqjQ0CJFipgRAnDtAKCjD5xWhqIieHZJ1sXG6QHpMu5M0QCfesmh
Gbkbxd4FLH/gNMJxW9I0X2c=
=sFUw
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007033__updated_wireshark_packages_fix_multiple_vulnerabilities.html)