Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0882 -- [Win][UNIX/Linux][RedHat] Low: wireshark security update 8 November 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wireshark Publisher: Red Hat Operating System: Red Hat Linux 5 UNIX variants (UNIX, Linux, OSX) Windows Impact: Denial of Service Access: Remote/Unauthenticated CVE Names: CVE-2007-3393 CVE-2007-3392 CVE-2007-3391 CVE-2007-3390 CVE-2007-3389 Ref: ESB-2007.0478 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0710.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: wireshark security update Advisory ID: RHSA-2007:0710-04 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0710.html Issue date: 2007-11-07 Updated on: 2007-11-07 Product: Red Hat Enterprise Linux Keywords: HTTP iSeries DCP ETSI SSL MMS DHCP BOOTP crash loop DoS CVE Names: CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 CVE-2007-3392 CVE-2007-3393 - - --------------------------------------------------------------------- 1. Summary: New Wireshark packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 5. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393) Users of Wireshark and Ethereal should upgrade to these updated packages, containing Wireshark version 0.99.6, which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic 245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic 245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic 246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic 246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic 246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-0.99.6-1.el5.src.rpm f49fa8d0277d49cd8eaca3cab3d72990 wireshark-0.99.6-1.el5.src.rpm i386: 47debd82ab5bc864a3cdd9dd64484282 wireshark-0.99.6-1.el5.i386.rpm 48c58d3ef97e8cf0f77a9301853c2987 wireshark-debuginfo-0.99.6-1.el5.i386.rpm x86_64: a28ed04bd22158d7cf68bc71589b82c4 wireshark-0.99.6-1.el5.x86_64.rpm 7141bfcf3751bed8454c1b9f3204d8cd wireshark-debuginfo-0.99.6-1.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/wireshark-0.99.6-1.el5.src.rpm f49fa8d0277d49cd8eaca3cab3d72990 wireshark-0.99.6-1.el5.src.rpm i386: 48c58d3ef97e8cf0f77a9301853c2987 wireshark-debuginfo-0.99.6-1.el5.i386.rpm b9b63d2c30c0100d5f573ebc81bd4023 wireshark-gnome-0.99.6-1.el5.i386.rpm x86_64: 7141bfcf3751bed8454c1b9f3204d8cd wireshark-debuginfo-0.99.6-1.el5.x86_64.rpm 8fc46b79d4d74c5434b5a673c38d80d0 wireshark-gnome-0.99.6-1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/wireshark-0.99.6-1.el5.src.rpm f49fa8d0277d49cd8eaca3cab3d72990 wireshark-0.99.6-1.el5.src.rpm i386: 47debd82ab5bc864a3cdd9dd64484282 wireshark-0.99.6-1.el5.i386.rpm 48c58d3ef97e8cf0f77a9301853c2987 wireshark-debuginfo-0.99.6-1.el5.i386.rpm b9b63d2c30c0100d5f573ebc81bd4023 wireshark-gnome-0.99.6-1.el5.i386.rpm ia64: 9803781c960202e93b07c15edfac733c wireshark-0.99.6-1.el5.ia64.rpm 8e77dc603a06d63b8e53c813d61e607b wireshark-debuginfo-0.99.6-1.el5.ia64.rpm 3711e4d1653c0aac43ee7b08f5149304 wireshark-gnome-0.99.6-1.el5.ia64.rpm ppc: 598a710138caa4c174306ba4930201d4 wireshark-0.99.6-1.el5.ppc.rpm b636439b3c01926fd707162d5c902084 wireshark-debuginfo-0.99.6-1.el5.ppc.rpm 7560565717c181cf210eab9438ae5f29 wireshark-gnome-0.99.6-1.el5.ppc.rpm s390x: 25ac5e44a7a5dcd87c77292999b2501c wireshark-0.99.6-1.el5.s390x.rpm aae09261c552e0c87883df3c155ce2f8 wireshark-debuginfo-0.99.6-1.el5.s390x.rpm 2238fbab472c7f05b7b3ac801f8652dc wireshark-gnome-0.99.6-1.el5.s390x.rpm x86_64: a28ed04bd22158d7cf68bc71589b82c4 wireshark-0.99.6-1.el5.x86_64.rpm 7141bfcf3751bed8454c1b9f3204d8cd wireshark-debuginfo-0.99.6-1.el5.x86_64.rpm 8fc46b79d4d74c5434b5a673c38d80d0 wireshark-gnome-0.99.6-1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393 http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html http://www.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHMeddXlSAg2UNWIIRApCRAJ0T5tzQkF53VoziLRZxIaZ3cIAXlwCgpP00 hI0+23jOUk5MK2Sa3wQ8uoM= =73ne - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRzJcmSh9+71yA2DNAQKAhAP/chH3IaY/B7VcvCivhTa6nExFUpZhJ3eL QQ33R+niMmTUumYg1fWFpsbc22ftmRATT+UzPuw/3kCKUcURGTAaMdYrC/B3UiBD FAa+21oZmGvItiwcwNbtwH/uJt3LAVzhiH3Jfk8n3vzPyuxhkdiK2/iHipBSn49x 5eR+aAuRujc= =6+sT -----END PGP SIGNATURE-----