MDVSA-2012:135

Nom du paquet

wireshark

Date

2012-08-16

Advisory ID

MDVSA-2012:135

Affected versions

MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities was found and corrected in Wireshark:

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The MongoDB dissector could go into a large loop (CVE-2012-4287).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).

This advisory provides the latest version of Wireshark (1.4.15)
which is not vulnerable to these issues.

Updated packages

MES5 i586

 de5916a3a128c3d1a4ab4a949711cfff  mes5/i586/dumpcap-1.4.15-0.1mdvmes5.2.i586.rpm
 ab21d43c9db40602e052ac1c971fa2bf  mes5/i586/libwireshark0-1.4.15-0.1mdvmes5.2.i586.rpm
 5006e1626b0c20298f495701da7afabf  mes5/i586/libwireshark-devel-1.4.15-0.1mdvmes5.2.i586.rpm
 87d38a533260ef42ca0b7e26f8a06ddc  mes5/i586/rawshark-1.4.15-0.1mdvmes5.2.i586.rpm
 38624a2593f86f609185b1977ad2016b  mes5/i586/tshark-1.4.15-0.1mdvmes5.2.i586.rpm
 cce04280dd6d0fcea7cddf1fda4ec39d  mes5/i586/wireshark-1.4.15-0.1mdvmes5.2.i586.rpm
 a86beb4e7fd29ad2e7b46f2774ce5a21  mes5/i586/wireshark-tools-1.4.15-0.1mdvmes5.2.i586.rpm 
 041a1698014486564bff3894c7059a88  mes5/SRPMS/wireshark-1.4.15-0.1mdvmes5.2.src.rpm

MES5 x86_64

 0f6dd53b61852266edcfaf8d4c90a273  mes5/x86_64/dumpcap-1.4.15-0.1mdvmes5.2.x86_64.rpm
 c4507be655e01e351f405d3ad7e653ff  mes5/x86_64/lib64wireshark0-1.4.15-0.1mdvmes5.2.x86_64.rpm
 1b0139bb5a3a27c5a9aede9f7460d509  mes5/x86_64/lib64wireshark-devel-1.4.15-0.1mdvmes5.2.x86_64.rpm
 8c2ecfbcd9f3391dee8a603d5835d3ca  mes5/x86_64/rawshark-1.4.15-0.1mdvmes5.2.x86_64.rpm
 a5b63ec4848d7b5deba240eb1e32df68  mes5/x86_64/tshark-1.4.15-0.1mdvmes5.2.x86_64.rpm
 f8f929468711cd9105570aee159d2a2a  mes5/x86_64/wireshark-1.4.15-0.1mdvmes5.2.x86_64.rpm
 512747db5037f6971bd6d042ecd564ed  mes5/x86_64/wireshark-tools-1.4.15-0.1mdvmes5.2.x86_64.rpm 
 041a1698014486564bff3894c7059a88  mes5/SRPMS/wireshark-1.4.15-0.1mdvmes5.2.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
• http://www.wireshark.org/security/wnpa-sec-2012-23.html
• http://www.wireshark.org/security/wnpa-sec-2012-22.html
• http://www.wireshark.org/security/wnpa-sec-2012-21.html
• http://www.wireshark.org/security/wnpa-sec-2012-20.html
• http://www.wireshark.org/security/wnpa-sec-2012-18.html
• http://www.wireshark.org/security/wnpa-sec-2012-17.html
• http://www.wireshark.org/security/wnpa-sec-2012-15.html
• http://www.wireshark.org/security/wnpa-sec-2012-14.html
• http://www.wireshark.org/security/wnpa-sec-2012-13.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290