From Mageia wiki
Jump to: navigation, search

MGASA-2012-0226

Date: August 18th, 2012
Affected releases: 1, 2


Description:
Updated wireshark packages fix security vulnerabilities:

The DCP ETSI dissector could trigger a zero division (CVE-2012-4285).

The XTP dissector could go into an infinite loop (CVE-2012-4288).

The AFP dissector could go into a large loop (CVE-2012-4289).

The RTPS2 dissector could overflow a buffer (CVE-2012-4296).

The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297).
Note: this issue, also known as wnpa-sec-2012-19, only affects Mageia 2.

The CIP dissector could exhaust system memory (CVE-2012-4291).

The STUN dissector could crash (CVE-2012-4292).

The EtherCAT Mailbox dissector could abort (CVE-2012-4293).

The CTDB dissector could go into a large loop (CVE-2012-4290).


Updated Packages:
Mageia 1:
dumpcap-1.4.15-1.mga1
lib(64)wireshark0-1.4.15-1.mga1
lib(64)wireshark-devel-1.4.15-1.mga1
rawshark-1.4.15-1.mga1
tshark-1.4.15-1.mga1
wireshark-1.4.15-1.mga1
wireshark-tools-1.4.15-1.mga1

Mageia 2:
dumpcap-1.6.10-1.mga2
lib(64)wireshark1-1.6.10-1.mga2
lib(64)wireshark-devel-1.6.10-1.mga2
rawshark-1.6.10-1.mga2
tshark-1.6.10-1.mga2
wireshark-1.6.10-1.mga2
wireshark-tools-1.6.10-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4297 (mga2 only)
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html (mga2 only)
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html (mga1 only)
http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html (mga2 only)
http://www.wireshark.org/news/20120815.html
https://bugs.mageia.org/show_bug.cgi?id=7075

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2012-0226&oldid=10347"