LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

October 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA October 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA for wireshark on SL3.x, SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Tue, 14 Oct 2008 16:16:17 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (88 lines)

We had a compiling problem on the SL4 x86_64 rpms.  The compiling problem has 
been fixed and is working now.  Both the x86_64 and i386 rpm's have been 
rebuilt with the new name to keep consistency.
No code has been changed.  The rpm's were only recompiled.

SL 4.x

        SRPMS:
wireshark-1.0.3-3.el4_7.sl.src.rpm
        i386:
wireshark-1.0.3-3.el4_7.sl.i386.rpm
wireshark-gnome-1.0.3-3.el4_7.sl.i386.rpm
        x86_64:
wireshark-1.0.3-3.el4_7.sl.x86_64.rpm
wireshark-gnome-1.0.3-3.el4_7.sl.x86_64.rpm

Troy Dawson

Troy J Dawson wrote:
> Synopsis:       Moderate: wireshark security update
> Issue date:     2008-10-01
> CVE Names:      CVE-2008-1070 CVE-2008-1071 CVE-2008-1072
>                    CVE-2008-1561 CVE-2008-1562 CVE-2008-1563
>                    CVE-2008-3137 CVE-2008-3138 CVE-2008-3141
>                    CVE-2008-3145 CVE-2008-3146 CVE-2008-3932
>                    CVE-2008-3933 CVE-2008-3934
> 
> Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
> a malformed packet off a network, it could crash or, possibly, execute
> arbitrary code as the user running Wireshark. (CVE-2008-3146)
> 
> Several denial of service flaws were found in Wireshark. Wireshark could
> crash or stop responding if it read a malformed packet off a network, or
> opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
> CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
> CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)
> 
> Additionally, this update changes the default Pluggable Authentication
> Modules (PAM) configuration to always prompt for the root password before
> each start of Wireshark. This avoids unintentionally running Wireshark with
> root privileges.
> 
> SL 3.0.x
> 
>       SRPMS:
> wireshark-1.0.3-EL3.3.src.rpm
>       i386:
> wireshark-1.0.3-EL3.3.i386.rpm
> wireshark-gnome-1.0.3-EL3.3.i386.rpm
>       x86_64:
> wireshark-1.0.3-EL3.3.x86_64.rpm
> wireshark-gnome-1.0.3-EL3.3.x86_64.rpm
> 
> SL 4.x
> 
>       SRPMS:
> wireshark-1.0.3-3.el4_7.src.rpm
>       i386:
> wireshark-1.0.3-3.el4_7.i386.rpm
> wireshark-gnome-1.0.3-3.el4_7.i386.rpm
>       x86_64:
> wireshark-1.0.3-3.el4_7.x86_64.rpm
> wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm
> 
> SL 5.x
> 
>       SRPMS:
> wireshark-1.0.3-4.el5_2.src.rpm
>       i386:
> wireshark-1.0.3-4.el5_2.i386.rpm
> wireshark-gnome-1.0.3-4.el5_2.i386.rpm
>       x86_64:
> wireshark-1.0.3-4.el5_2.x86_64.rpm
> wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV