MDVSA-2012:134
- Package name
- wireshark
- Date
- 2012-08-16
- Advisory ID
- MDVSA-2012:134
- Affected versions
- 2011 i586 , 2011 x86_64
Problem description
Multiple vulnerabilities was found and corrected in Wireshark:
The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).
The MongoDB dissector could go into a large loop (CVE-2012-4287).
The XTP dissector could go into an infinite loop (CVE-2012-4288).
The AFP dissector could go into a large loop (CVE-2012-4289).
The RTPS2 dissector could overflow a buffer (CVE-2012-4296).
The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
The CIP dissector could exhaust system memory (CVE-2012-4291).
The STUN dissector could crash (CVE-2012-4292).
The EtherCAT Mailbox dissector could abort (CVE-2012-4293).
The CTDB dissector could go into a large loop (CVE-2012-4290).
This advisory provides the latest version of Wireshark (1.6.10)
which is not vulnerable to these issues.
Updated packages
2011 i586
7f9b50d728f3677d600e2b3c5cf9e143 2011/i586/dumpcap-1.6.10-0.1-mdv2011.0.i586.rpm 41abd4e3174bc66135b63c3ce413cd8b 2011/i586/libwireshark1-1.6.10-0.1-mdv2011.0.i586.rpm a4bf1c8d7782a041943931e03b9ec697 2011/i586/libwireshark-devel-1.6.10-0.1-mdv2011.0.i586.rpm 4dbd471403d5fa43f773d451026927f3 2011/i586/rawshark-1.6.10-0.1-mdv2011.0.i586.rpm df238ceb7fce4e998831115aba7cb198 2011/i586/tshark-1.6.10-0.1-mdv2011.0.i586.rpm 15ee012ac6dcbc61c98e1e6cf9f81f33 2011/i586/wireshark-1.6.10-0.1-mdv2011.0.i586.rpm 3eb9c08e21a8d18c8fe2053112244260 2011/i586/wireshark-tools-1.6.10-0.1-mdv2011.0.i586.rpm 47f4c354b2c73e325e99d1f699d9b8c8 2011/SRPMS/wireshark-1.6.10-0.1.src.rpm
2011 x86_64
0b3d330fc5721e9fe162d458aca0eb90 2011/x86_64/dumpcap-1.6.10-0.1-mdv2011.0.x86_64.rpm e2e642f3864a217f26d2f07ac0dc473a 2011/x86_64/lib64wireshark1-1.6.10-0.1-mdv2011.0.x86_64.rpm c73e6a0704ec32b2b10b2ec1dad3fa0b 2011/x86_64/lib64wireshark-devel-1.6.10-0.1-mdv2011.0.x86_64.rpm bdffe67b6ecf6a09035b74ba703def73 2011/x86_64/rawshark-1.6.10-0.1-mdv2011.0.x86_64.rpm 9bedf4907301f42a94c7c9ab9114a9c2 2011/x86_64/tshark-1.6.10-0.1-mdv2011.0.x86_64.rpm 9ea44005e04b88cbabe97d2ed75f2ed5 2011/x86_64/wireshark-1.6.10-0.1-mdv2011.0.x86_64.rpm 506b0f9a80fdc7482b185c543669e331 2011/x86_64/wireshark-tools-1.6.10-0.1-mdv2011.0.x86_64.rpm 47f4c354b2c73e325e99d1f699d9b8c8 2011/SRPMS/wireshark-1.6.10-0.1.src.rpm
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
- http://www.wireshark.org/security/wnpa-sec-2012-23.html
- http://www.wireshark.org/security/wnpa-sec-2012-22.html
- http://www.wireshark.org/security/wnpa-sec-2012-21.html
- http://www.wireshark.org/security/wnpa-sec-2012-20.html
- http://www.wireshark.org/security/wnpa-sec-2012-19.html
- http://www.wireshark.org/security/wnpa-sec-2012-18.html
- http://www.wireshark.org/security/wnpa-sec-2012-17.html
- http://www.wireshark.org/security/wnpa-sec-2012-15.html
- http://www.wireshark.org/security/wnpa-sec-2012-14.html
- http://www.wireshark.org/security/wnpa-sec-2012-13.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290