wireshark-1.2.15-1.AXS4.1

エラータID: AXSA:2011-117:01

リリース日: 
2011/03/29 Tuesday - 14:09
題名: 
wireshark-1.2.15-1.AXS4.1
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Wireshark is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package.
Security issues fixed with this release:
CVE-2011-0444
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
CVE-2011-0538
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
CVE-2011-0713
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
CVE-2011-1139
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
CVE-2011-1140
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
CVE-2011-1141
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.

解決策: 

Update packages.

CVE: 
CVE-2011-0444
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
CVE-2011-0538
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
CVE-2011-0713
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
CVE-2011-1139
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
CVE-2011-1140
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
CVE-2011-1141
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.




追加情報: 

N/A

ダウンロード: 

SRPMS
  1. wireshark-1.2.15-1.AXS4.1.src.rpm
    MD5: dfbef90a8a6daeedc37ad853b24ba7e9
    SHA-256: 731cdfcaf35ec07b70900ab84cc03f021322afe5b6b307224e89d5918f55e42f
    Size: 14.70 MB

Asianux Server 4 for x86
  1. wireshark-1.2.15-1.AXS4.1.i686.rpm
    MD5: f25bece36b424ed9b7535e316d114f13
    SHA-256: 954e46a8239635df17aee14d57f60ad5e77e381ed79fc9e27349304f52a9d0c0
    Size: 9.58 MB

Asianux Server 4 for x86_64
  1. wireshark-1.2.15-1.AXS4.1.x86_64.rpm
    MD5: 57b58769a449b3db10a14173816c21dd
    SHA-256: 5b9ea65520f307edb7554365fb84bc17977e471c07420644f80b3bf8e6d33c18
    Size: 10.65 MB
  2. wireshark-1.2.15-1.AXS4.1.i686.rpm
    MD5: f25bece36b424ed9b7535e316d114f13
    SHA-256: 954e46a8239635df17aee14d57f60ad5e77e381ed79fc9e27349304f52a9d0c0
    Size: 9.58 MB