LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

January 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA January 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: wireshark on SL5.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	Pat Riehecky <[log in to unmask]>
Date:	Wed, 16 Jan 2013 16:10:20 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (87 lines)

Synopsis:          Moderate: wireshark security, bug fix, and 
enhancement update
Issue Date:        2013-01-08
CVE Numbers:       CVE-2011-1959
                    CVE-2011-2175
                    CVE-2011-1958
                    CVE-2011-2698
                    CVE-2011-4102
                    CVE-2012-0041
                    CVE-2012-0042
                    CVE-2012-0066
                    CVE-2012-0067
                    CVE-2012-4285
                    CVE-2012-4289
                    CVE-2012-4291
                    CVE-2012-4290
--

A heap-based buffer overflow flaw was found in the way Wireshark handled 
Endace
ERF (Extensible Record Format) capture files. If Wireshark opened a 
specially-
crafted ERF capture file, it could crash or, possibly, execute arbitrary 
code
as the user running Wireshark. (CVE-2011-4102)

Several denial of service flaws were found in Wireshark. Wireshark could 
crash
or stop responding if it read a malformed packet off a network, or opened a
malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,
CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,
CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)

This update also fixes the following bugs:

* When Wireshark starts with the X11 protocol being tunneled through an SSH
connection, it automatically prepares its capture filter to omit the SSH
packets. If the SSH connection was to a link-local IPv6 address including an
interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this
address erroneously, constructed an incorrect capture filter and refused to
capture packets. The "Invalid capture filter" message was displayed. 
With this
update, parsing of link-local IPv6 addresses is fixed and Wireshark 
correctly
prepares a capture filter to omit SSH packets over a link-local IPv6
connection.

* Previously, Wireshark's column editing dialog malformed column names when
they were selected. With this update, the dialog is fixed and no longer 
breaks
column names.

* Previously, TShark, the console packet analyzer, did not properly 
analyze the
exit code of Dumpcap, Wireshark's packet capturing back end. As a result,
TShark returned exit code 0 when Dumpcap failed to parse its command-line
arguments. In this update, TShark correctly propagates the Dumpcap exit code
and returns a non-zero exit code when Dumpcap fails.

* Previously, the TShark "-s" (snapshot length) option worked only for a 
value
greater than 68 bytes. If a lower value was specified, TShark captured 
just 68
bytes of incoming packets. With this update, the "-s" option is fixed 
and sizes
lower than 68 bytes work as expected.

This update also adds the following enhancement:

* In this update, support for the "NetDump" protocol was added.

All running instances of Wireshark must be restarted for the update to take
effect.
--

SL5
   x86_64
     wireshark-1.0.15-5.el5.x86_64.rpm
     wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm
     wireshark-gnome-1.0.15-5.el5.x86_64.rpm
   i386
     wireshark-1.0.15-5.el5.i386.rpm
     wireshark-debuginfo-1.0.15-5.el5.i386.rpm
     wireshark-gnome-1.0.15-5.el5.i386.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV