RHSA-2010:0360 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: wireshark security update

Type/Severity

Security Advisory: Moderate

Topic

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2
dissectors. If Wireshark read a malformed packet off a network or opened a
malicious dump file, it could crash or, possibly, execute arbitrary code as
the user running Wireshark. (CVE-2009-4377)

Several buffer overflow flaws were found in the Wireshark LWRES dissector.
If Wireshark read a malformed packet off a network or opened a malicious
dump file, it could crash or, possibly, execute arbitrary code as the user
running Wireshark. (CVE-2010-0304)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563,
CVE-2009-3550, CVE-2009-3829)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.11, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector
BZ - 512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector
BZ - 513008 - CVE-2009-2560 Wireshark: various flaws in a) RADIUS, b) Bluetooth L2CAP, c) MIOP dissectors (DoS)
BZ - 531260 - CVE-2009-3550 Wireshark: NULL pointer dereference in the DCERPC over SMB packet disassembly
BZ - 532479 - CVE-2009-3829 wireshark: unsigned integer wrap vulnerability in ERF reader (VU#676492)
BZ - 549578 - CVE-2009-4377 wireshark: invalid pointer dereference in SMB/SMB2 dissectors
BZ - 559793 - CVE-2010-0304 wireshark: crash in LWRES dissector

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
wireshark-1.0.11-1.el5_5.5.src.rpm	SHA-256: 625580a27af83237225c53dc9ce1e2d6d2f0d70fd0ebb137fddc4e65e2207c50
x86_64
wireshark-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: d7ada8f0813258497fe664a75474b6559df1323c4acc32ec78d213dc4b9cfe80
wireshark-gnome-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: 1dd69a0407116c58b69cc6ca88afd9c5bcfb21f88a2231b3223998b640d587d3
ia64
wireshark-1.0.11-1.el5_5.5.ia64.rpm	SHA-256: 10a9df38d76f412b041d178973fa989cf68503960fde174e32c6b1d732b10b1b
wireshark-gnome-1.0.11-1.el5_5.5.ia64.rpm	SHA-256: 4b66ffa43daf5d5550d7f77df27f0f0e93fe19c9bf9e0671832fa694d61a7def
i386
wireshark-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 7461c6487e7b6f12894db308171a6a53dc33ae6e051c7e9d175f03f529e570e4
wireshark-gnome-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 0d9c8eefa1bf219946cd9cadea8a9c3fbf4e2bf8f404a28c523ed6228e220ecb

Red Hat Enterprise Linux Server 4

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
x86_64
wireshark-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: a92f777ee9ba742babc68ea4f9f48391a863921b2042fe4d4a82c2c7d42bef5a
wireshark-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: a92f777ee9ba742babc68ea4f9f48391a863921b2042fe4d4a82c2c7d42bef5a
wireshark-gnome-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: 1f19ce1c5f0fa14b15d828a6a9af627170bdc60757682bc5885a66b8f824b2db
wireshark-gnome-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: 1f19ce1c5f0fa14b15d828a6a9af627170bdc60757682bc5885a66b8f824b2db
ia64
wireshark-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: b502341e060f3ff3f3c0c9a01e7548ef06793e39d154c604a7c3f7bd394e0621
wireshark-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: b502341e060f3ff3f3c0c9a01e7548ef06793e39d154c604a7c3f7bd394e0621
wireshark-gnome-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: a4bdd20d30705f382a817e9574dbb40420fa156700167492f78d8b0e2489e26f
wireshark-gnome-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: a4bdd20d30705f382a817e9574dbb40420fa156700167492f78d8b0e2489e26f
i386
wireshark-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 815addb3c3b875ee47ee1455b861b263052d630cd6628c988d949f75a916e3f9
wireshark-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 815addb3c3b875ee47ee1455b861b263052d630cd6628c988d949f75a916e3f9
wireshark-gnome-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 6da5353b0c1e3a3254f5a73909079d46453ba681177953d4549c9227b9aafd5d
wireshark-gnome-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 6da5353b0c1e3a3254f5a73909079d46453ba681177953d4549c9227b9aafd5d

Red Hat Enterprise Linux Server - Extended Update Support 4.8

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
x86_64
wireshark-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: a92f777ee9ba742babc68ea4f9f48391a863921b2042fe4d4a82c2c7d42bef5a
wireshark-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: a92f777ee9ba742babc68ea4f9f48391a863921b2042fe4d4a82c2c7d42bef5a
wireshark-gnome-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: 1f19ce1c5f0fa14b15d828a6a9af627170bdc60757682bc5885a66b8f824b2db
wireshark-gnome-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: 1f19ce1c5f0fa14b15d828a6a9af627170bdc60757682bc5885a66b8f824b2db
ia64
wireshark-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: b502341e060f3ff3f3c0c9a01e7548ef06793e39d154c604a7c3f7bd394e0621
wireshark-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: b502341e060f3ff3f3c0c9a01e7548ef06793e39d154c604a7c3f7bd394e0621
wireshark-gnome-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: a4bdd20d30705f382a817e9574dbb40420fa156700167492f78d8b0e2489e26f
wireshark-gnome-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: a4bdd20d30705f382a817e9574dbb40420fa156700167492f78d8b0e2489e26f
i386
wireshark-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 815addb3c3b875ee47ee1455b861b263052d630cd6628c988d949f75a916e3f9
wireshark-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 815addb3c3b875ee47ee1455b861b263052d630cd6628c988d949f75a916e3f9
wireshark-gnome-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 6da5353b0c1e3a3254f5a73909079d46453ba681177953d4549c9227b9aafd5d
wireshark-gnome-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 6da5353b0c1e3a3254f5a73909079d46453ba681177953d4549c9227b9aafd5d

Red Hat Enterprise Linux Workstation 5

SRPM
wireshark-1.0.11-1.el5_5.5.src.rpm	SHA-256: 625580a27af83237225c53dc9ce1e2d6d2f0d70fd0ebb137fddc4e65e2207c50
x86_64
wireshark-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: d7ada8f0813258497fe664a75474b6559df1323c4acc32ec78d213dc4b9cfe80
wireshark-gnome-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: 1dd69a0407116c58b69cc6ca88afd9c5bcfb21f88a2231b3223998b640d587d3
i386
wireshark-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 7461c6487e7b6f12894db308171a6a53dc33ae6e051c7e9d175f03f529e570e4
wireshark-gnome-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 0d9c8eefa1bf219946cd9cadea8a9c3fbf4e2bf8f404a28c523ed6228e220ecb

Red Hat Enterprise Linux Workstation 4

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
x86_64
wireshark-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: a92f777ee9ba742babc68ea4f9f48391a863921b2042fe4d4a82c2c7d42bef5a
wireshark-gnome-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: 1f19ce1c5f0fa14b15d828a6a9af627170bdc60757682bc5885a66b8f824b2db
ia64
wireshark-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: b502341e060f3ff3f3c0c9a01e7548ef06793e39d154c604a7c3f7bd394e0621
wireshark-gnome-1.0.11-1.el4_8.5.ia64.rpm	SHA-256: a4bdd20d30705f382a817e9574dbb40420fa156700167492f78d8b0e2489e26f
i386
wireshark-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 815addb3c3b875ee47ee1455b861b263052d630cd6628c988d949f75a916e3f9
wireshark-gnome-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 6da5353b0c1e3a3254f5a73909079d46453ba681177953d4549c9227b9aafd5d

Red Hat Enterprise Linux Desktop 5

SRPM
wireshark-1.0.11-1.el5_5.5.src.rpm	SHA-256: 625580a27af83237225c53dc9ce1e2d6d2f0d70fd0ebb137fddc4e65e2207c50
x86_64
wireshark-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: d7ada8f0813258497fe664a75474b6559df1323c4acc32ec78d213dc4b9cfe80
i386
wireshark-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 7461c6487e7b6f12894db308171a6a53dc33ae6e051c7e9d175f03f529e570e4

Red Hat Enterprise Linux Desktop 4

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
x86_64
wireshark-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: a92f777ee9ba742babc68ea4f9f48391a863921b2042fe4d4a82c2c7d42bef5a
wireshark-gnome-1.0.11-1.el4_8.5.x86_64.rpm	SHA-256: 1f19ce1c5f0fa14b15d828a6a9af627170bdc60757682bc5885a66b8f824b2db
i386
wireshark-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 815addb3c3b875ee47ee1455b861b263052d630cd6628c988d949f75a916e3f9
wireshark-gnome-1.0.11-1.el4_8.5.i386.rpm	SHA-256: 6da5353b0c1e3a3254f5a73909079d46453ba681177953d4549c9227b9aafd5d

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
wireshark-1.0.11-1.el5_5.5.src.rpm	SHA-256: 625580a27af83237225c53dc9ce1e2d6d2f0d70fd0ebb137fddc4e65e2207c50
s390x
wireshark-1.0.11-1.el5_5.5.s390x.rpm	SHA-256: 7bf61c7f34bd32d8111edb69910bbeb260b60e78be6b86ae30e1eafe6906657e
wireshark-gnome-1.0.11-1.el5_5.5.s390x.rpm	SHA-256: 55e00ef2c853caaa0061d971c8979b4b1c405b8257a0a45ba3bcefd12b4feed7

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
s390x
wireshark-1.0.11-1.el4_8.5.s390x.rpm	SHA-256: 0fb9fc9a8d3545cb9e77e0697af5274737056cab0f2b3f13cad635416c30ea8d
wireshark-gnome-1.0.11-1.el4_8.5.s390x.rpm	SHA-256: 433b3e6492ac35793e2c7f025cf6ab19fd0731358fb7f756ab560954e134e73d
s390
wireshark-1.0.11-1.el4_8.5.s390.rpm	SHA-256: 154fa888f9579613c2611316a1d51eb4fd914307af18ff73b69a09135a42ec27
wireshark-gnome-1.0.11-1.el4_8.5.s390.rpm	SHA-256: 00590d1e8ed07591fff4cae1c6bb3dcdd4e6827153b9eaae40867326ab8f74c7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
s390x
wireshark-1.0.11-1.el4_8.5.s390x.rpm	SHA-256: 0fb9fc9a8d3545cb9e77e0697af5274737056cab0f2b3f13cad635416c30ea8d
wireshark-gnome-1.0.11-1.el4_8.5.s390x.rpm	SHA-256: 433b3e6492ac35793e2c7f025cf6ab19fd0731358fb7f756ab560954e134e73d
s390
wireshark-1.0.11-1.el4_8.5.s390.rpm	SHA-256: 154fa888f9579613c2611316a1d51eb4fd914307af18ff73b69a09135a42ec27
wireshark-gnome-1.0.11-1.el4_8.5.s390.rpm	SHA-256: 00590d1e8ed07591fff4cae1c6bb3dcdd4e6827153b9eaae40867326ab8f74c7

Red Hat Enterprise Linux for Power, big endian 5

SRPM
wireshark-1.0.11-1.el5_5.5.src.rpm	SHA-256: 625580a27af83237225c53dc9ce1e2d6d2f0d70fd0ebb137fddc4e65e2207c50
ppc
wireshark-1.0.11-1.el5_5.5.ppc.rpm	SHA-256: fea4291a7f917e3a51e2c981d21d2b71d42f648f8c485e25451bd3c6091c0640
wireshark-gnome-1.0.11-1.el5_5.5.ppc.rpm	SHA-256: 6c9a6f481065b739598100843a43de3649c131219653ae95982a4d5e518d6cf4

Red Hat Enterprise Linux for Power, big endian 4

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
ppc
wireshark-1.0.11-1.el4_8.5.ppc.rpm	SHA-256: c5f7f2b4b67ef45d88fb776d65fec487e45b06c46ef7a8b8de5555924e1e8379
wireshark-gnome-1.0.11-1.el4_8.5.ppc.rpm	SHA-256: 5e844d812cffffef6e69a5bf354e7864fc03d60accb413c284fa3c72f39c48cc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
wireshark-1.0.11-1.el4_8.5.src.rpm	SHA-256: 6903bf1e7985c5d689a281ae547a9270a218c0db5e51a139697fc75e841a7f9e
ppc
wireshark-1.0.11-1.el4_8.5.ppc.rpm	SHA-256: c5f7f2b4b67ef45d88fb776d65fec487e45b06c46ef7a8b8de5555924e1e8379
wireshark-gnome-1.0.11-1.el4_8.5.ppc.rpm	SHA-256: 5e844d812cffffef6e69a5bf354e7864fc03d60accb413c284fa3c72f39c48cc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
wireshark-1.0.11-1.el5_5.5.src.rpm	SHA-256: 625580a27af83237225c53dc9ce1e2d6d2f0d70fd0ebb137fddc4e65e2207c50
x86_64
wireshark-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: d7ada8f0813258497fe664a75474b6559df1323c4acc32ec78d213dc4b9cfe80
wireshark-gnome-1.0.11-1.el5_5.5.x86_64.rpm	SHA-256: 1dd69a0407116c58b69cc6ca88afd9c5bcfb21f88a2231b3223998b640d587d3
i386
wireshark-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 7461c6487e7b6f12894db308171a6a53dc33ae6e051c7e9d175f03f529e570e4
wireshark-gnome-1.0.11-1.el5_5.5.i386.rpm	SHA-256: 0d9c8eefa1bf219946cd9cadea8a9c3fbf4e2bf8f404a28c523ed6228e220ecb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.