Advisories | Mandriva

Package name	wireshark
Date	July 22nd, 2008
Advisory ID	MDVSA-2008:152
Affected versions	CS4.0, 2007.1, 2008.0, 2008.1

Problem Description

A number of vulnerabilities were discovered in Wireshark that could
cause it to crash while processing malicious packets (CVE-2008-3137,
CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141,
CVE-2008-3145).

This update provides Wireshark 1.0.2, which is not vulnerable to
these issues.

Updated Packages

Corporate Server 4.0

 b7c9b207a1f6671c389de029acad1c69  corporate/4.0/i586/dumpcap-1.0.2-0.1.20060mlcs4.i586.rpm
 11a820b27705d4860f809894fb86d085  corporate/4.0/i586/libwireshark0-1.0.2-0.1.20060mlcs4.i586.rpm
 1de9bd371f233413b1bd0c120d43e1c5  corporate/4.0/i586/libwireshark-devel-1.0.2-0.1.20060mlcs4.i586.rpm
 3b1335973cc247f69a944850d8cbc125  corporate/4.0/i586/rawshark-1.0.2-0.1.20060mlcs4.i586.rpm
 563078c222926843c031f130d3d99c2c  corporate/4.0/i586/tshark-1.0.2-0.1.20060mlcs4.i586.rpm
 cfcbbd5c3e911ac5987364f74ae4f588  corporate/4.0/i586/wireshark-1.0.2-0.1.20060mlcs4.i586.rpm
 c139f48f790fd228abd6bb36e5a64208  corporate/4.0/i586/wireshark-tools-1.0.2-0.1.20060mlcs4.i586.rpm 
 1be97ba104894a51125ab692206d8611  corporate/4.0/SRPMS/wireshark-1.0.2-0.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 d75d7a3ee8af84b96a84ffcd52dc89b8  corporate/4.0/x86_64/dumpcap-1.0.2-0.1.20060mlcs4.x86_64.rpm
 0bfb4e76da0b755e27eea200d86a14d2  corporate/4.0/x86_64/lib64wireshark0-1.0.2-0.1.20060mlcs4.x86_64.rpm
 807c5bab351e4bbf760cabc1ac4e731d  corporate/4.0/x86_64/lib64wireshark-devel-1.0.2-0.1.20060mlcs4.x86_64.rpm
 01dd72f008237d1a466970b2393a58d6  corporate/4.0/x86_64/rawshark-1.0.2-0.1.20060mlcs4.x86_64.rpm
 03fc5d527317d3bf56d837ac3519c92e  corporate/4.0/x86_64/tshark-1.0.2-0.1.20060mlcs4.x86_64.rpm
 85a416415f1e2bb89a9e772de95999ef  corporate/4.0/x86_64/wireshark-1.0.2-0.1.20060mlcs4.x86_64.rpm
 05a1763fc92c61ca4e717cafbdd78f39  corporate/4.0/x86_64/wireshark-tools-1.0.2-0.1.20060mlcs4.x86_64.rpm 
 1be97ba104894a51125ab692206d8611  corporate/4.0/SRPMS/wireshark-1.0.2-0.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 dd208d3bd415b566884410e3efb5a748  2007.1/i586/libwireshark0-1.0.2-0.1mdv2007.1.i586.rpm
 8ac38caee13fca07ff4cf7119491256c  2007.1/i586/tshark-1.0.2-0.1mdv2007.1.i586.rpm
 31815a8faec571b90c786112651853bf  2007.1/i586/wireshark-1.0.2-0.1mdv2007.1.i586.rpm
 6c61296c26edd8e8d62e30c7af36ba02  2007.1/i586/wireshark-tools-1.0.2-0.1mdv2007.1.i586.rpm 
 00dca267b96e50a75e7c4b7952ca1e61  2007.1/SRPMS/wireshark-1.0.2-0.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 0fa4bbaf37ea0bbec825a292f6ba1f08  2007.1/x86_64/lib64wireshark0-1.0.2-0.1mdv2007.1.x86_64.rpm
 ec00436f7fa7246808ff9294d3d30106  2007.1/x86_64/tshark-1.0.2-0.1mdv2007.1.x86_64.rpm
 c0f6b3ce6506a9027d713a89fb411aac  2007.1/x86_64/wireshark-1.0.2-0.1mdv2007.1.x86_64.rpm
 83cde7ccbdc2455adb91f5f8449866f6  2007.1/x86_64/wireshark-tools-1.0.2-0.1mdv2007.1.x86_64.rpm 
 00dca267b96e50a75e7c4b7952ca1e61  2007.1/SRPMS/wireshark-1.0.2-0.1mdv2007.1.src.rpm

Mandriva Linux 2008.0

 7f8c3c3536693c76c35a2433217672f1  2008.0/i586/dumpcap-1.0.2-0.1mdv2008.0.i586.rpm
 d786b113715eebfed26d744f234926f9  2008.0/i586/libwireshark0-1.0.2-0.1mdv2008.0.i586.rpm
 20e723680556b90b32753a22debcc8fd  2008.0/i586/libwireshark-devel-1.0.2-0.1mdv2008.0.i586.rpm
 55324e20c3793fefa4fc31466a230859  2008.0/i586/rawshark-1.0.2-0.1mdv2008.0.i586.rpm
 36c42e5a2a8ca9133ef8b23781c2a908  2008.0/i586/tshark-1.0.2-0.1mdv2008.0.i586.rpm
 cdc0c62d7936e449564c32fe6a829394  2008.0/i586/wireshark-1.0.2-0.1mdv2008.0.i586.rpm
 856e94f29f01a71cffc9d1fc05cfcabc  2008.0/i586/wireshark-tools-1.0.2-0.1mdv2008.0.i586.rpm 
 802f0a708e0dd820b242b9682ef5f482  2008.0/SRPMS/wireshark-1.0.2-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 a473c5eab195923066ba820207cd4dd0  2008.0/x86_64/dumpcap-1.0.2-0.1mdv2008.0.x86_64.rpm
 2345349e97af7c3b07c9effba42e9a5b  2008.0/x86_64/lib64wireshark0-1.0.2-0.1mdv2008.0.x86_64.rpm
 ded19cb2dc2e3a435c83ad6010dd1ab6  2008.0/x86_64/lib64wireshark-devel-1.0.2-0.1mdv2008.0.x86_64.rpm
 6ae396fcdc52b87f7c4d359ae596e861  2008.0/x86_64/rawshark-1.0.2-0.1mdv2008.0.x86_64.rpm
 b28e8bcf8801836a8d1c35f53e566fc6  2008.0/x86_64/tshark-1.0.2-0.1mdv2008.0.x86_64.rpm
 bd219f2c009719d100f5411fd2e1472f  2008.0/x86_64/wireshark-1.0.2-0.1mdv2008.0.x86_64.rpm
 3f552df165c98123991e8aca8290944b  2008.0/x86_64/wireshark-tools-1.0.2-0.1mdv2008.0.x86_64.rpm 
 802f0a708e0dd820b242b9682ef5f482  2008.0/SRPMS/wireshark-1.0.2-0.1mdv2008.0.src.rpm

Mandriva Linux 2008.1

 b4cd63431babb044b459f41edd4df7a9  2008.1/i586/dumpcap-1.0.2-0.1mdv2008.1.i586.rpm
 aecdbf2396bd03ff4035ce3d0361c8e0  2008.1/i586/libwireshark0-1.0.2-0.1mdv2008.1.i586.rpm
 21947f15d454e06e183282e943590fc5  2008.1/i586/libwireshark-devel-1.0.2-0.1mdv2008.1.i586.rpm
 04e5404a727ec4ca9bbb15ee577b2a3e  2008.1/i586/rawshark-1.0.2-0.1mdv2008.1.i586.rpm
 c4779d4d2118c82a01c0427fcc63edaf  2008.1/i586/tshark-1.0.2-0.1mdv2008.1.i586.rpm
 4cea15f71bb937e02babe751db0bf14e  2008.1/i586/wireshark-1.0.2-0.1mdv2008.1.i586.rpm
 dfbb6ffde7247a632f668f505e238b93  2008.1/i586/wireshark-tools-1.0.2-0.1mdv2008.1.i586.rpm 
 2053cca12220e79bb9b3c44d05cdc025  2008.1/SRPMS/wireshark-1.0.2-0.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64

 01304dde4b0d58f4b25cf189cd26e6e4  2008.1/x86_64/dumpcap-1.0.2-0.1mdv2008.1.x86_64.rpm
 a1ca40167925697676bb747bb073cbe3  2008.1/x86_64/lib64wireshark0-1.0.2-0.1mdv2008.1.x86_64.rpm
 325f5a4bfcbc85e1eb0a2d73f7643b0c  2008.1/x86_64/lib64wireshark-devel-1.0.2-0.1mdv2008.1.x86_64.rpm
 974780f892d6c73b3071708cc8e43f7a  2008.1/x86_64/rawshark-1.0.2-0.1mdv2008.1.x86_64.rpm
 65e8b1137469b6f2c57c6c67c71c3f34  2008.1/x86_64/tshark-1.0.2-0.1mdv2008.1.x86_64.rpm
 9c006ce97cc27a379ad7103fae91d276  2008.1/x86_64/wireshark-1.0.2-0.1mdv2008.1.x86_64.rpm
 5b58551478a166e16a1eefe6b7bf8734  2008.1/x86_64/wireshark-tools-1.0.2-0.1mdv2008.1.x86_64.rpm 
 2053cca12220e79bb9b3c44d05cdc025  2008.1/SRPMS/wireshark-1.0.2-0.1mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145
http://www.wireshark.org/security/wnpa-sec-2008-03.html
http://www.wireshark.org/security/wnpa-sec-2008-04.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.