
[RHSA-2008:0890-01] Moderate: wireshark security update


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis:          Moderate: wireshark security update
Advisory ID:       RHSA-2008:0890-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0890.html
Issue date:        2008-10-01
CVE Names:         CVE-2008-1070 CVE-2008-1071 CVE-2008-1072
                   CVE-2008-1561 CVE-2008-1562 CVE-2008-1563
                   CVE-2008-3137 CVE-2008-3138 CVE-2008-3141
                   CVE-2008-3145 CVE-2008-3146 CVE-2008-3932
                   CVE-2008-3933 CVE-2008-3934

=====================================================================

 

1. Summary:

 

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

 

3. Description:

 

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.

 

4. Solution:

 

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

435481 - CVE-2008-1070 wireshark: SCTP dissector crash

435482 - CVE-2008-1071 wireshark: SNMP dissector crash

435483 - CVE-2008-1072 wireshark: TFTP dissector crash

439943 - CVE-2008-1563 wireshark: crash in SCCP dissector

440014 - CVE-2008-1561 wireshark: crash in X.509sat and Roofnet dissectors

440015 - CVE-2008-1562 wireshark: crash in LDAP dissector

448584 - Don't automatically use stored privileges

454970 - CVE-2008-3137 wireshark: crash in the GSM SMS dissector

454971 - CVE-2008-3138 wireshark: unexpected exit in the PANA and KISMET dissectors

454975 - CVE-2008-3141 wireshark: memory disclosure in the RMI dissector

454984 - CVE-2008-3145 wireshark: crash in the packet reassembling

461242 - CVE-2008-3146 wireshark: multiple buffer overflows in NCP dissector

461243 - CVE-2008-3932 wireshark: infinite loop in the NCP dissector

461244 - CVE-2008-3933 wireshark: crash triggered by zlib-compressed packet data

461245 - CVE-2008-3934 wireshark: crash via crafted Tektronix .rf5 file

 

6. Package List:

 

Red Hat Enterprise Linux AS version 3:

 

Source:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/wireshark-1.0.3-EL3.3.src.rpm

 

i386:

wireshark-1.0.3-EL3.3.i386.rpm

wireshark-debuginfo-1.0.3-EL3.3.i386.rpm

wireshark-gnome-1.0.3-EL3.3.i386.rpm

 

ia64:

wireshark-1.0.3-EL3.3.ia64.rpm

wireshark-debuginfo-1.0.3-EL3.3.ia64.rpm

wireshark-gnome-1.0.3-EL3.3.ia64.rpm

 

ppc:

wireshark-1.0.3-EL3.3.ppc.rpm

wireshark-debuginfo-1.0.3-EL3.3.ppc.rpm

wireshark-gnome-1.0.3-EL3.3.ppc.rpm

 

s390:

wireshark-1.0.3-EL3.3.s390.rpm

wireshark-debuginfo-1.0.3-EL3.3.s390.rpm

wireshark-gnome-1.0.3-EL3.3.s390.rpm

 

s390x:

wireshark-1.0.3-EL3.3.s390x.rpm

wireshark-debuginfo-1.0.3-EL3.3.s390x.rpm

wireshark-gnome-1.0.3-EL3.3.s390x.rpm

 

x86_64:

wireshark-1.0.3-EL3.3.x86_64.rpm

wireshark-debuginfo-1.0.3-EL3.3.x86_64.rpm

wireshark-gnome-1.0.3-EL3.3.x86_64.rpm

 

Red Hat Desktop version 3:

 

Source:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/wireshark-1.0.3-EL3.3.src.rpm

 

i386:

wireshark-1.0.3-EL3.3.i386.rpm

wireshark-debuginfo-1.0.3-EL3.3.i386.rpm

wireshark-gnome-1.0.3-EL3.3.i386.rpm

 

x86_64:

wireshark-1.0.3-EL3.3.x86_64.rpm

wireshark-debuginfo-1.0.3-EL3.3.x86_64.rpm

wireshark-gnome-1.0.3-EL3.3.x86_64.rpm

 

Red Hat Enterprise Linux ES version 3:

 

Source:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/wireshark-1.0.3-EL3.3.src.rpm

 

i386:

wireshark-1.0.3-EL3.3.i386.rpm

wireshark-debuginfo-1.0.3-EL3.3.i386.rpm

wireshark-gnome-1.0.3-EL3.3.i386.rpm

 

ia64:

wireshark-1.0.3-EL3.3.ia64.rpm

wireshark-debuginfo-1.0.3-EL3.3.ia64.rpm

wireshark-gnome-1.0.3-EL3.3.ia64.rpm

 

x86_64:

wireshark-1.0.3-EL3.3.x86_64.rpm

wireshark-debuginfo-1.0.3-EL3.3.x86_64.rpm

wireshark-gnome-1.0.3-EL3.3.x86_64.rpm

 

Red Hat Enterprise Linux WS version 3:

 

Source:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/wireshark-1.0.3-EL3.3.src.rpm

 

i386:

wireshark-1.0.3-EL3.3.i386.rpm

wireshark-debuginfo-1.0.3-EL3.3.i386.rpm

wireshark-gnome-1.0.3-EL3.3.i386.rpm

 

ia64:

wireshark-1.0.3-EL3.3.ia64.rpm

wireshark-debuginfo-1.0.3-EL3.3.ia64.rpm

wireshark-gnome-1.0.3-EL3.3.ia64.rpm

 

x86_64:

wireshark-1.0.3-EL3.3.x86_64.rpm

wireshark-debuginfo-1.0.3-EL3.3.x86_64.rpm

wireshark-gnome-1.0.3-EL3.3.x86_64.rpm

 

Red Hat Enterprise Linux AS version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/wireshark-1.0.3-3.el4_7.src.rpm

 

i386:

wireshark-1.0.3-3.el4_7.i386.rpm

wireshark-debuginfo-1.0.3-3.el4_7.i386.rpm

wireshark-gnome-1.0.3-3.el4_7.i386.rpm

 

ia64:

wireshark-1.0.3-3.el4_7.ia64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.ia64.rpm

wireshark-gnome-1.0.3-3.el4_7.ia64.rpm

 

ppc:

wireshark-1.0.3-3.el4_7.ppc.rpm

wireshark-debuginfo-1.0.3-3.el4_7.ppc.rpm

wireshark-gnome-1.0.3-3.el4_7.ppc.rpm

 

s390:

wireshark-1.0.3-3.el4_7.s390.rpm

wireshark-debuginfo-1.0.3-3.el4_7.s390.rpm

wireshark-gnome-1.0.3-3.el4_7.s390.rpm

 

s390x:

wireshark-1.0.3-3.el4_7.s390x.rpm

wireshark-debuginfo-1.0.3-3.el4_7.s390x.rpm

wireshark-gnome-1.0.3-3.el4_7.s390x.rpm

 

x86_64:

wireshark-1.0.3-3.el4_7.x86_64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.x86_64.rpm

wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux Desktop version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/wireshark-1.0.3-3.el4_7.src.rpm

 

i386:

wireshark-1.0.3-3.el4_7.i386.rpm

wireshark-debuginfo-1.0.3-3.el4_7.i386.rpm

wireshark-gnome-1.0.3-3.el4_7.i386.rpm

 

x86_64:

wireshark-1.0.3-3.el4_7.x86_64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.x86_64.rpm

wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux ES version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/wireshark-1.0.3-3.el4_7.src.rpm

 

i386:

wireshark-1.0.3-3.el4_7.i386.rpm

wireshark-debuginfo-1.0.3-3.el4_7.i386.rpm

wireshark-gnome-1.0.3-3.el4_7.i386.rpm

 

ia64:

wireshark-1.0.3-3.el4_7.ia64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.ia64.rpm

wireshark-gnome-1.0.3-3.el4_7.ia64.rpm

 

x86_64:

wireshark-1.0.3-3.el4_7.x86_64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.x86_64.rpm

wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux WS version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/wireshark-1.0.3-3.el4_7.src.rpm

 

i386:

wireshark-1.0.3-3.el4_7.i386.rpm

wireshark-debuginfo-1.0.3-3.el4_7.i386.rpm

wireshark-gnome-1.0.3-3.el4_7.i386.rpm

 

ia64:

wireshark-1.0.3-3.el4_7.ia64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.ia64.rpm

wireshark-gnome-1.0.3-3.el4_7.ia64.rpm

 

x86_64:

wireshark-1.0.3-3.el4_7.x86_64.rpm

wireshark-debuginfo-1.0.3-3.el4_7.x86_64.rpm

wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux Desktop (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.3-4.el5_2.src.rpm

 

i386:

wireshark-1.0.3-4.el5_2.i386.rpm

wireshark-debuginfo-1.0.3-4.el5_2.i386.rpm

 

x86_64:

wireshark-1.0.3-4.el5_2.x86_64.rpm

wireshark-debuginfo-1.0.3-4.el5_2.x86_64.rpm

 

RHEL Desktop Workstation (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-1.0.3-4.el5_2.src.rpm

 

i386:

wireshark-debuginfo-1.0.3-4.el5_2.i386.rpm

wireshark-gnome-1.0.3-4.el5_2.i386.rpm

 

x86_64:

wireshark-debuginfo-1.0.3-4.el5_2.x86_64.rpm

wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm

 

Red Hat Enterprise Linux (v. 5 server):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-1.0.3-4.el5_2.src.rpm

 

i386:

wireshark-1.0.3-4.el5_2.i386.rpm

wireshark-debuginfo-1.0.3-4.el5_2.i386.rpm

wireshark-gnome-1.0.3-4.el5_2.i386.rpm

 

ia64:

wireshark-1.0.3-4.el5_2.ia64.rpm

wireshark-debuginfo-1.0.3-4.el5_2.ia64.rpm

wireshark-gnome-1.0.3-4.el5_2.ia64.rpm

 

ppc:

wireshark-1.0.3-4.el5_2.ppc.rpm

wireshark-debuginfo-1.0.3-4.el5_2.ppc.rpm

wireshark-gnome-1.0.3-4.el5_2.ppc.rpm

 

s390x:

wireshark-1.0.3-4.el5_2.s390x.rpm

wireshark-debuginfo-1.0.3-4.el5_2.s390x.rpm

wireshark-gnome-1.0.3-4.el5_2.s390x.rpm

 

x86_64:

wireshark-1.0.3-4.el5_2.x86_64.rpm

wireshark-debuginfo-1.0.3-4.el5_2.x86_64.rpm

wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

 

7. References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1070

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1071

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1072

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1561

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1562

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1563

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3137

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3138

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3141

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3145

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3932

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3933

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3934

http://www.redhat.com/security/updates/classification/#moderate

http://www.wireshark.org/docs/relnotes/

http://www.wireshark.org/security/

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

 

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFI47SDXlSAg2UNWIIRAn+rAKCpwzf0qDvMW7oKkRFBPKG9SUM8EQCdFOrY

IA/ni3ULZkdy5MvSwZ19o1U=

=X25R

-----END PGP SIGNATURE-----
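
To check hosts against the fixed builds listed in section 6 of the advisory, the following added example (not part of the Red Hat advisory) compares an installed wireshark VERSION-RELEASE string with the fixed build for that RHEL major release. It assumes the string comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' wireshark`, ignores epochs, and uses a simplified rpm-style comparison; the host names and the two outdated builds in the inventory are constructed.

```python
import re

# Fixed version-release per RHEL major release, copied from the package list above.
FIXED = {3: "1.0.3-EL3.3", 4: "1.0.3-3.el4_7", 5: "1.0.3-4.el5_2"}
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm-style segment comparison: returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed_vr, rhel_major):
    """True if installed VERSION-RELEASE is at or above the advisory's fixed build."""
    iv, _, ir = installed_vr.rpartition("-")
    fv, _, fr = FIXED[rhel_major].rpartition("-")
    # Version decides first; release is only consulted when versions are equal.
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def audit(inventory):
    """Return hosts whose wireshark build predates the fix."""
    behind = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, major, vr = line.split()
        if not is_fixed(vr, int(major)):
            behind.append(host)
    return behind

# Constructed inventory: "host rhel_major version-release" (hosts are hypothetical).
SAMPLE = """\
ws-build01 5 1.0.3-4.el5_2
ws-lab02 5 0.99.7-1.el5
noc-probe 4 1.0.3-3.el4_7
old-sniffer 3 1.0.3-EL3.2
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```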

 

 
