=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN002
_____________________________________________________________________

DATE                      : 03/01/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Mandriva running wireshark.

======================================================================

  _______________________________________________________________________

  Package : wireshark
  Date    : January 2, 2008
  Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
  _______________________________________________________________________

  Problem Description:

  A number of vulnerabilities in the Wireshark program were found that
  could cause crashes, excessive looping, or arbitrary code execution.

  This update provides Wireshark 0.99.7, which is not vulnerable to
  these issues.

  An updated version of libsmi is also being provided, not because
  of security issues, but because this version of wireshark uses it
  instead of net-snmp for SNMP support.
  _______________________________________________________________________

  References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6438
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6439
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6441
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6450
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6451
  http://www.wireshark.org/security/wnpa-sec-2007-03.html
  _______________________________________________________________________

  Updated Packages:

  _______________________________________________________________________

  To upgrade automatically use MandrivaUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.
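
  A way to confirm that a host has actually picked up the fix, as an added
  example that is not part of the Mandriva advisory: it flags Wireshark-family
  packages whose version is below the fixed 0.99.7. The function names and the
  sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report Wireshark-family packages
# older than the release this advisory names as not vulnerable.
FIXED="0.99.7"

# ver_ge A B: succeed when dotted version A >= B, comparing the numeric
# prefix of each dot-separated component (missing components count as 0).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# vulnerable_pkgs: read "name version" lines on stdin and print the ones
# whose version is below FIXED.
vulnerable_pkgs() {
    while read -r name ver; do
        [ -n "$name" ] || continue
        ver_ge "$ver" "$FIXED" || printf '%s %s\n' "$name" "$ver"
    done
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}\n'` output.
SAMPLE='wireshark 0.99.6
tshark 0.99.7
libwireshark0 0.99.5
wireshark-tools 0.99.7'

printf '%s\n' "$SAMPLE" | vulnerable_pkgs

# On a real host (rpm -qa lists only installed packages matching the globs):
#   rpm -qa --qf '%{NAME} %{VERSION}\n' 'wireshark*' tshark 'lib*wireshark*' \
#       | vulnerable_pkgs
```

  Empty output means every listed package is at 0.99.7 or later. The check
  compares the upstream version only, not the Mandriva release tag.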

  All packages are signed by Mandriva for security.  You can obtain the
  GPG public key of the Mandriva Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

  You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_(at)_mandriva.com
  _______________________________________________________________________

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




