Security Advisory Moderate: wireshark security update

Advisory: RHSA-2009:0313-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-03-04
Last updated on: 2009-03-04
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20090313.xml
CVEs (cve.mitre.org): CVE-2008-4680
CVE-2008-4681
CVE-2008-4682
CVE-2008-4683
CVE-2008-4684
CVE-2008-4685
CVE-2008-5285
CVE-2008-6472
CVE-2009-0599
CVE-2009-0600

Details

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network or opened a malformed dump file, it could
crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2008-4683, CVE-2009-0599)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682,
CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.6, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
wireshark-1.0.6-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1100		     fd5477424dfcbbbbaab978025006aa48
 
IA-32:
wireshark-gnome-1.0.6-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1100		     2e2aa062f28e73caa009f22541014323
 
x86_64:
wireshark-gnome-1.0.6-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     e32b111c9068c8f7d437f59b6cda8eb3
 
Red Hat Desktop (v. 3)
SRPMS:
wireshark-1.0.6-EL3.3.src.rpm
File outdated by:  RHSA-2009:1100		     ead942925f4ff98d99db22122f5da0d0
 
IA-32:
wireshark-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     453d30a52cc40596028a99570f158a26
wireshark-gnome-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     7669c137873d4b91b80dbbd52e08c233
 
x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     271108c932293c85de8924c6d734318c
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     f5895a3d7c06fbc90d3cc9c20f9b8948
 
Red Hat Desktop (v. 4)
SRPMS:
wireshark-1.0.6-2.el4_7.src.rpm
File outdated by:  RHSA-2009:1100		     6c953f136b4e921fdf0657582778d2fc
 
IA-32:
wireshark-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     fc8d002656882f3d8cd687ba2b4e19ce
wireshark-gnome-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     05589c036f9c400f700c7526e44f9cba
 
x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     fabbca06d35d3646d73117c184c43b5d
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     9892f84231d60ca30fd894507066fa3f
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
wireshark-1.0.6-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1100		     fd5477424dfcbbbbaab978025006aa48
 
IA-32:
wireshark-1.0.6-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1100		     44814228eea51a1886c3f2474815007a
wireshark-gnome-1.0.6-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1100		     2e2aa062f28e73caa009f22541014323
 
IA-64:
wireshark-1.0.6-2.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1100		     f14aef7ed9ffb90fe050ef3ef47599e9
wireshark-gnome-1.0.6-2.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1100		     5a7c5c5459e6fe55e77ce7c2362fd650
 
PPC:
wireshark-1.0.6-2.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1100		     3c1d8b8ec172f9a434e3bd3298d453a9
wireshark-gnome-1.0.6-2.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1100		     9dd0e666c828b44faacf7b1f45198899
 
s390x:
wireshark-1.0.6-2.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1100		     6194ba673401207d87be67b7eb08d54a
wireshark-gnome-1.0.6-2.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1100		     f8bf244939c836a18b8831e830aa5564
 
x86_64:
wireshark-1.0.6-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     8c5d0ddfa0e36379f59f21f5a79d4acd
wireshark-gnome-1.0.6-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     e32b111c9068c8f7d437f59b6cda8eb3
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
wireshark-1.0.6-EL3.3.src.rpm
File outdated by:  RHSA-2009:1100		     ead942925f4ff98d99db22122f5da0d0
 
IA-32:
wireshark-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     453d30a52cc40596028a99570f158a26
wireshark-gnome-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     7669c137873d4b91b80dbbd52e08c233
 
IA-64:
wireshark-1.0.6-EL3.3.ia64.rpm
File outdated by:  RHSA-2009:1100		     d5270b613cdf6b27aa28873e98b0dff5
wireshark-gnome-1.0.6-EL3.3.ia64.rpm
File outdated by:  RHSA-2009:1100		     6663ba8def01c3cc4a5be4511d502d4d
 
PPC:
wireshark-1.0.6-EL3.3.ppc.rpm
File outdated by:  RHSA-2009:1100		     127539d7fd6bb1d25ab9f500ffa89774
wireshark-gnome-1.0.6-EL3.3.ppc.rpm
File outdated by:  RHSA-2009:1100		     28715172dc2b95b4743091724f44e286
 
s390:
wireshark-1.0.6-EL3.3.s390.rpm
File outdated by:  RHSA-2009:1100		     dea37c747f0da7204c48f42a3b01ad07
wireshark-gnome-1.0.6-EL3.3.s390.rpm
File outdated by:  RHSA-2009:1100		     22bba8224caf29e8d93b9c1d6852971c
 
s390x:
wireshark-1.0.6-EL3.3.s390x.rpm
File outdated by:  RHSA-2009:1100		     1b1bdbfeeb8a9ea5e658f57432ce6361
wireshark-gnome-1.0.6-EL3.3.s390x.rpm
File outdated by:  RHSA-2009:1100		     50fd04090063d7d9c4396d9f9dece599
 
x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     271108c932293c85de8924c6d734318c
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     f5895a3d7c06fbc90d3cc9c20f9b8948
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
wireshark-1.0.6-2.el4_7.src.rpm
File outdated by:  RHSA-2009:1100		     6c953f136b4e921fdf0657582778d2fc
 
IA-32:
wireshark-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     fc8d002656882f3d8cd687ba2b4e19ce
wireshark-gnome-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     05589c036f9c400f700c7526e44f9cba
 
IA-64:
wireshark-1.0.6-2.el4_7.ia64.rpm
File outdated by:  RHSA-2009:1100		     20c10ea4f2c08cc8d0c3c50b37e58ede
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm
File outdated by:  RHSA-2009:1100		     bb294e921c8654bcec0da059490dbf33
 
PPC:
wireshark-1.0.6-2.el4_7.ppc.rpm
File outdated by:  RHSA-2009:1100		     86f2301c8b582604907ca9c9f397ef4a
wireshark-gnome-1.0.6-2.el4_7.ppc.rpm
File outdated by:  RHSA-2009:1100		     3bde0fee6bb883478fc183541248fc3e
 
s390:
wireshark-1.0.6-2.el4_7.s390.rpm
File outdated by:  RHSA-2009:1100		     eae313f4277ba73ecdb4635981cc6a53
wireshark-gnome-1.0.6-2.el4_7.s390.rpm
File outdated by:  RHSA-2009:1100		     f535e8230a8513c59a9c71a4d485e204
 
s390x:
wireshark-1.0.6-2.el4_7.s390x.rpm
File outdated by:  RHSA-2009:1100		     2296ff9d644d45c17592bb0eb3153a22
wireshark-gnome-1.0.6-2.el4_7.s390x.rpm
File outdated by:  RHSA-2009:1100		     86113cefbe1ac3e672026635caad1778
 
x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     fabbca06d35d3646d73117c184c43b5d
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     9892f84231d60ca30fd894507066fa3f
 
Red Hat Enterprise Linux AS (v. 4.7.z)
SRPMS:
wireshark-1.0.6-2.el4_7.src.rpm
File outdated by:  RHSA-2009:1100		     6c953f136b4e921fdf0657582778d2fc
 
IA-32:
wireshark-1.0.6-2.el4_7.i386.rpm     fc8d002656882f3d8cd687ba2b4e19ce
wireshark-gnome-1.0.6-2.el4_7.i386.rpm     05589c036f9c400f700c7526e44f9cba
 
IA-64:
wireshark-1.0.6-2.el4_7.ia64.rpm     20c10ea4f2c08cc8d0c3c50b37e58ede
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm     bb294e921c8654bcec0da059490dbf33
 
PPC:
wireshark-1.0.6-2.el4_7.ppc.rpm     86f2301c8b582604907ca9c9f397ef4a
wireshark-gnome-1.0.6-2.el4_7.ppc.rpm     3bde0fee6bb883478fc183541248fc3e
 
s390:
wireshark-1.0.6-2.el4_7.s390.rpm     eae313f4277ba73ecdb4635981cc6a53
wireshark-gnome-1.0.6-2.el4_7.s390.rpm     f535e8230a8513c59a9c71a4d485e204
 
s390x:
wireshark-1.0.6-2.el4_7.s390x.rpm     2296ff9d644d45c17592bb0eb3153a22
wireshark-gnome-1.0.6-2.el4_7.s390x.rpm     86113cefbe1ac3e672026635caad1778
 
x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm     fabbca06d35d3646d73117c184c43b5d
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm     9892f84231d60ca30fd894507066fa3f
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
wireshark-1.0.6-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1100		     fd5477424dfcbbbbaab978025006aa48
 
IA-32:
wireshark-1.0.6-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1100		     44814228eea51a1886c3f2474815007a
 
x86_64:
wireshark-1.0.6-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     8c5d0ddfa0e36379f59f21f5a79d4acd
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
wireshark-1.0.6-EL3.3.src.rpm
File outdated by:  RHSA-2009:1100		     ead942925f4ff98d99db22122f5da0d0
 
IA-32:
wireshark-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     453d30a52cc40596028a99570f158a26
wireshark-gnome-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     7669c137873d4b91b80dbbd52e08c233
 
IA-64:
wireshark-1.0.6-EL3.3.ia64.rpm
File outdated by:  RHSA-2009:1100		     d5270b613cdf6b27aa28873e98b0dff5
wireshark-gnome-1.0.6-EL3.3.ia64.rpm
File outdated by:  RHSA-2009:1100		     6663ba8def01c3cc4a5be4511d502d4d
 
x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     271108c932293c85de8924c6d734318c
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     f5895a3d7c06fbc90d3cc9c20f9b8948
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
wireshark-1.0.6-2.el4_7.src.rpm
File outdated by:  RHSA-2009:1100		     6c953f136b4e921fdf0657582778d2fc
 
IA-32:
wireshark-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     fc8d002656882f3d8cd687ba2b4e19ce
wireshark-gnome-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     05589c036f9c400f700c7526e44f9cba
 
IA-64:
wireshark-1.0.6-2.el4_7.ia64.rpm
File outdated by:  RHSA-2009:1100		     20c10ea4f2c08cc8d0c3c50b37e58ede
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm
File outdated by:  RHSA-2009:1100		     bb294e921c8654bcec0da059490dbf33
 
x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     fabbca06d35d3646d73117c184c43b5d
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     9892f84231d60ca30fd894507066fa3f
 
Red Hat Enterprise Linux ES (v. 4.7.z)
SRPMS:
wireshark-1.0.6-2.el4_7.src.rpm
File outdated by:  RHSA-2009:1100		     6c953f136b4e921fdf0657582778d2fc
 
IA-32:
wireshark-1.0.6-2.el4_7.i386.rpm     fc8d002656882f3d8cd687ba2b4e19ce
wireshark-gnome-1.0.6-2.el4_7.i386.rpm     05589c036f9c400f700c7526e44f9cba
 
IA-64:
wireshark-1.0.6-2.el4_7.ia64.rpm     20c10ea4f2c08cc8d0c3c50b37e58ede
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm     bb294e921c8654bcec0da059490dbf33
 
x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm     fabbca06d35d3646d73117c184c43b5d
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm     9892f84231d60ca30fd894507066fa3f
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
SRPMS:
wireshark-1.0.6-2.el5_3.src.rpm
File outdated by:  RHSA-2009:1100		     fd5477424dfcbbbbaab978025006aa48
 
IA-32:
wireshark-1.0.6-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1100		     44814228eea51a1886c3f2474815007a
wireshark-gnome-1.0.6-2.el5_3.i386.rpm
File outdated by:  RHSA-2009:1100		     2e2aa062f28e73caa009f22541014323
 
IA-64:
wireshark-1.0.6-2.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1100		     f14aef7ed9ffb90fe050ef3ef47599e9
wireshark-gnome-1.0.6-2.el5_3.ia64.rpm
File outdated by:  RHSA-2009:1100		     5a7c5c5459e6fe55e77ce7c2362fd650
 
PPC:
wireshark-1.0.6-2.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1100		     3c1d8b8ec172f9a434e3bd3298d453a9
wireshark-gnome-1.0.6-2.el5_3.ppc.rpm
File outdated by:  RHSA-2009:1100		     9dd0e666c828b44faacf7b1f45198899
 
s390x:
wireshark-1.0.6-2.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1100		     6194ba673401207d87be67b7eb08d54a
wireshark-gnome-1.0.6-2.el5_3.s390x.rpm
File outdated by:  RHSA-2009:1100		     f8bf244939c836a18b8831e830aa5564
 
x86_64:
wireshark-1.0.6-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     8c5d0ddfa0e36379f59f21f5a79d4acd
wireshark-gnome-1.0.6-2.el5_3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     e32b111c9068c8f7d437f59b6cda8eb3
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
wireshark-1.0.6-EL3.3.src.rpm
File outdated by:  RHSA-2009:1100		     ead942925f4ff98d99db22122f5da0d0
 
IA-32:
wireshark-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     453d30a52cc40596028a99570f158a26
wireshark-gnome-1.0.6-EL3.3.i386.rpm
File outdated by:  RHSA-2009:1100		     7669c137873d4b91b80dbbd52e08c233
 
IA-64:
wireshark-1.0.6-EL3.3.ia64.rpm
File outdated by:  RHSA-2009:1100		     d5270b613cdf6b27aa28873e98b0dff5
wireshark-gnome-1.0.6-EL3.3.ia64.rpm
File outdated by:  RHSA-2009:1100		     6663ba8def01c3cc4a5be4511d502d4d
 
x86_64:
wireshark-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     271108c932293c85de8924c6d734318c
wireshark-gnome-1.0.6-EL3.3.x86_64.rpm
File outdated by:  RHSA-2009:1100		     f5895a3d7c06fbc90d3cc9c20f9b8948
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
wireshark-1.0.6-2.el4_7.src.rpm
File outdated by:  RHSA-2009:1100		     6c953f136b4e921fdf0657582778d2fc
 
IA-32:
wireshark-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     fc8d002656882f3d8cd687ba2b4e19ce
wireshark-gnome-1.0.6-2.el4_7.i386.rpm
File outdated by:  RHSA-2009:1100		     05589c036f9c400f700c7526e44f9cba
 
IA-64:
wireshark-1.0.6-2.el4_7.ia64.rpm
File outdated by:  RHSA-2009:1100		     20c10ea4f2c08cc8d0c3c50b37e58ede
wireshark-gnome-1.0.6-2.el4_7.ia64.rpm
File outdated by:  RHSA-2009:1100		     bb294e921c8654bcec0da059490dbf33
 
x86_64:
wireshark-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     fabbca06d35d3646d73117c184c43b5d
wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm
File outdated by:  RHSA-2009:1100		     9892f84231d60ca30fd894507066fa3f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

468166 - CVE-2008-4680 wireshark: DoS (app crash or abort) via malformed USB Request Block (URB).
468167 - CVE-2008-4681 wireshark: DoS (app crash or abort) in Bluetooth RFCOMM dissector via unknown packets
468169 - CVE-2008-4682 wireshark: DoS (app abort) via a malformed .ncf file with an unknown/unexpected packet type
468171 - CVE-2008-4683 wireshark: DoS (app crash or abort) in Bluetooth ACL dissector via a packet with an invalid length
468174 - CVE-2008-4684 wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
468175 - CVE-2008-4685 wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets
472737 - CVE-2008-5285 wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request
485888 - CVE-2009-0599 wireshark: buffer overflows in NetScreen snoop file reader
485889 - CVE-2009-0600 wireshark: denial of service (application crash) via a crafted Tektronix K12 text capture file


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0600
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/