MDVSA-2013:020

Nome do pacote

wireshark

Data

2013-03-08

ID Alerta

MDVSA-2013:020

Versões afetadas

MES5 i586 , MES5 x86_64

Descrição do problema

Multiple vulnerabilities was found and corrected in Wireshark:

* DRDA dissector infinite loop (CVE-2012-5239).
* USB dissector infinite loop
* ISAKMP dissector crash
* iSCSI dissector infinite loop
* WTP dissector infinite loop
* RTCP dissector inifinte loop
* ICMPv6 dissector infinite loop
* Infinite and large loops in several dissectors (CVE-2013-1572,
CVE-2013-1573, CVE-2013-1574, CVE-2013-1575, CVE-2013-1576,
CVE-2013-1577, CVE-2013-1578, CVE-2013-1579, CVE-2013-1580,
CVE-2013-1581).
* CLNP dissector crash (CVE-2013-1582).
* DTN dissector crash (CVE-2013-1583, CVE-2013-1584).
* MS-MMC dissector crash (CVE-2013-1585).
* DTLS dissector crash (CVE-2013-1586).
* DCP-ETSI dissector crash (CVE-2013-1588).
* Wireshark dissection engine crash (CVE-2013-1589).
* NTLMSSP dissector overflow (CVE-2013-1590).
* MS-MMS dissector crash (CVE-2013-2478).
* RTPS and RTPS2 dissector crash (CVE-2013-2480).
* Mount dissector crash (CVE-2013-2481).
* AMPQ dissector infinite loop (CVE-2013-2482).
* ACN dissector divide by zero (CVE-2013-2483).
* CIMD dissector crash (CVE-2013-2484).
* FCSP dissector infinite loop (CVE-2013-2485).
* DTLS dissector crash (CVE-2013-2488).

This advisory provides the latest version of Wireshark (1.6.14)
which is not vulnerable to these issues.

Pacotes atualizados

MES5 i586

 a22beeba6fa41e24c7cfac34d5df7cce  mes5/i586/dumpcap-1.6.14-0.1mdvmes5.2.i586.rpm
 14d093a7435774afd18f24a2abb41b1f  mes5/i586/libwireshark1-1.6.14-0.1mdvmes5.2.i586.rpm
 36654a282d83b0105a8c9df3a97eee97  mes5/i586/libwireshark-devel-1.6.14-0.1mdvmes5.2.i586.rpm
 a82e66bd38a63cca2c0727ca1d38e3fb  mes5/i586/rawshark-1.6.14-0.1mdvmes5.2.i586.rpm
 0986f3ddb45fc6bd3d1659951ab47816  mes5/i586/tshark-1.6.14-0.1mdvmes5.2.i586.rpm
 b58996993509b52a43395458fbc290ba  mes5/i586/wireshark-1.6.14-0.1mdvmes5.2.i586.rpm
 2eab9f9ecf9f622a5f06b36d71183ffb  mes5/i586/wireshark-tools-1.6.14-0.1mdvmes5.2.i586.rpm 
 6288f0cf8b88de7fb206c2b0dba2fe0c  mes5/SRPMS/wireshark-1.6.14-0.1mdvmes5.2.src.rpm

MES5 x86_64

 dbe7f9af81fc6dee15f1af6b8f57513e  mes5/x86_64/dumpcap-1.6.14-0.1mdvmes5.2.x86_64.rpm
 2755728f4fbd11eab89648f4ced5816f  mes5/x86_64/lib64wireshark1-1.6.14-0.1mdvmes5.2.x86_64.rpm
 7499190e0f8cee43b68228126764a674  mes5/x86_64/lib64wireshark-devel-1.6.14-0.1mdvmes5.2.x86_64.rpm
 0b885069ea9380aff5f0a6bdc858dc6c  mes5/x86_64/rawshark-1.6.14-0.1mdvmes5.2.x86_64.rpm
 bc7a38103a6a72370f0c24b956cadc47  mes5/x86_64/tshark-1.6.14-0.1mdvmes5.2.x86_64.rpm
 a515e67149dc0f1a35bc6769c8fa31ac  mes5/x86_64/wireshark-1.6.14-0.1mdvmes5.2.x86_64.rpm
 ae4e61b2418693acebb9778c3a9eb165  mes5/x86_64/wireshark-tools-1.6.14-0.1mdvmes5.2.x86_64.rpm 
 6288f0cf8b88de7fb206c2b0dba2fe0c  mes5/SRPMS/wireshark-1.6.14-0.1mdvmes5.2.src.rpm

Referências

• http://www.wireshark.org/security/wnpa-sec-2013-09.html
• http://www.wireshark.org/security/wnpa-sec-2013-08.html
• http://www.wireshark.org/security/wnpa-sec-2013-07.html
• http://www.wireshark.org/security/wnpa-sec-2013-05.html
• http://www.wireshark.org/security/wnpa-sec-2013-04.html
• http://www.wireshark.org/security/wnpa-sec-2013-03.html
• http://www.wireshark.org/security/wnpa-sec-2013-02.html
• http://www.wireshark.org/security/wnpa-sec-2013-01.html
• http://www.wireshark.org/security/wnpa-sec-2012-40.html
• http://www.wireshark.org/security/wnpa-sec-2012-38.html
• http://www.wireshark.org/security/wnpa-sec-2012-37.html
• http://www.wireshark.org/security/wnpa-sec-2012-36.html
• http://www.wireshark.org/security/wnpa-sec-2012-35.html
• http://www.wireshark.org/security/wnpa-sec-2012-31.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2488
• http://www.wireshark.org/security/wnpa-sec-2012-28.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2485
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2483
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2484
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2482
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2480
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2481
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2478
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1589
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1590
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1588
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1585
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1586
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1584
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1582
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1583
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1581
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1579
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1580
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1578
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1576
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1577
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1575
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1573
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1574
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5239
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1572
• http://www.wireshark.org/security/wnpa-sec-2013-13.html
• http://www.wireshark.org/security/wnpa-sec-2013-15.html
• http://www.wireshark.org/security/wnpa-sec-2013-16.html
• http://www.wireshark.org/security/wnpa-sec-2013-17.html
• http://www.wireshark.org/security/wnpa-sec-2013-18.html
• http://www.wireshark.org/security/wnpa-sec-2013-19.html
• http://www.wireshark.org/security/wnpa-sec-2013-20.html
• http://www.wireshark.org/security/wnpa-sec-2013-22.html
• http://www.wireshark.org/lists/wireshark-announce/201208/msg00003.html