Security Advisory Moderate: wireshark security update

Advisory: RHSA-2009:1100-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-06-15
Last updated on: 2009-06-15
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20091100.xml
CVEs (cve.mitre.org): CVE-2009-1210
CVE-2009-1268
CVE-2009-1269
CVE-2009-1829

Details

Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A format string flaw was found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829)

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.8, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
wireshark-1.0.8-1.el5_3.1.src.rpm     e111c625c0f7368db8fd93e27c1efa3e
 
IA-32:
wireshark-gnome-1.0.8-1.el5_3.1.i386.rpm     a4a5cb0fc95f3380ff25e455a9d53229
 
x86_64:
wireshark-gnome-1.0.8-1.el5_3.1.x86_64.rpm     e5c280accbe9fb9379ea736512fede47
 
Red Hat Desktop (v. 3)
SRPMS:
wireshark-1.0.8-EL3.1.src.rpm     0facdf008bf25354ab295e9c3176f867
 
IA-32:
wireshark-1.0.8-EL3.1.i386.rpm     fe05378628f4aaf7356dab3c63692a09
wireshark-gnome-1.0.8-EL3.1.i386.rpm     c9e4a56b45f96af05c61eace747f3ea7
 
x86_64:
wireshark-1.0.8-EL3.1.x86_64.rpm     37c9251edc8b7f3e9060fd06d4e26616
wireshark-gnome-1.0.8-EL3.1.x86_64.rpm     6023406d5a8983cfcc8824952f068bf3
 
Red Hat Desktop (v. 4)
SRPMS:
wireshark-1.0.8-1.el4_8.1.src.rpm     01b239503351fb92a96cc72e70de4cdc
 
IA-32:
wireshark-1.0.8-1.el4_8.1.i386.rpm     f672fbe1eeb0f8707b6864c73b7f6f59
wireshark-gnome-1.0.8-1.el4_8.1.i386.rpm     f0f587586ae5e1d07e32c4d283b3101e
 
x86_64:
wireshark-1.0.8-1.el4_8.1.x86_64.rpm     5e2a2284a5346ed16f3b7a764a481a7b
wireshark-gnome-1.0.8-1.el4_8.1.x86_64.rpm     5134ac902f12aa799b2c9ba8525eb353
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
wireshark-1.0.8-1.el5_3.1.src.rpm     e111c625c0f7368db8fd93e27c1efa3e
 
IA-32:
wireshark-1.0.8-1.el5_3.1.i386.rpm     c142b4f3815bb4f258a213b0fbd54d51
wireshark-gnome-1.0.8-1.el5_3.1.i386.rpm     a4a5cb0fc95f3380ff25e455a9d53229
 
IA-64:
wireshark-1.0.8-1.el5_3.1.ia64.rpm     1616129ae38121e206811e356d3385ab
wireshark-gnome-1.0.8-1.el5_3.1.ia64.rpm     64ab633c74e912884646178b357f8aab
 
PPC:
wireshark-1.0.8-1.el5_3.1.ppc.rpm     bd3988fd978f7fe9fd873d1c5b17c60f
wireshark-gnome-1.0.8-1.el5_3.1.ppc.rpm     bffc5515dc95390463e76735b9c8dadc
 
s390x:
wireshark-1.0.8-1.el5_3.1.s390x.rpm     259edd1747776d371465104276f9f8bd
wireshark-gnome-1.0.8-1.el5_3.1.s390x.rpm     86e84c2c35c98b1a0feaaa1a66b8cbd7
 
x86_64:
wireshark-1.0.8-1.el5_3.1.x86_64.rpm     16cddcfedb6a53768dbaa1db10061def
wireshark-gnome-1.0.8-1.el5_3.1.x86_64.rpm     e5c280accbe9fb9379ea736512fede47
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
wireshark-1.0.8-EL3.1.src.rpm     0facdf008bf25354ab295e9c3176f867
 
IA-32:
wireshark-1.0.8-EL3.1.i386.rpm     fe05378628f4aaf7356dab3c63692a09
wireshark-gnome-1.0.8-EL3.1.i386.rpm     c9e4a56b45f96af05c61eace747f3ea7
 
IA-64:
wireshark-1.0.8-EL3.1.ia64.rpm     73121abe23d3c04b70ea536acdb50a74
wireshark-gnome-1.0.8-EL3.1.ia64.rpm     1fc446072174910f4c369b9569ec5662
 
PPC:
wireshark-1.0.8-EL3.1.ppc.rpm     1b6cecd31c9e12a09b657dd128750642
wireshark-gnome-1.0.8-EL3.1.ppc.rpm     b9dc1afe71de0e3b10df41ee182e29ad
 
s390:
wireshark-1.0.8-EL3.1.s390.rpm     e22410e4ae179ef163afb1124d05a533
wireshark-gnome-1.0.8-EL3.1.s390.rpm     027dccfbb56ac598ce36474f6b653a22
 
s390x:
wireshark-1.0.8-EL3.1.s390x.rpm     802855aa6238563da9bfdc10381f933d
wireshark-gnome-1.0.8-EL3.1.s390x.rpm     3c46737484970b91b24f03fd7fa8234b
 
x86_64:
wireshark-1.0.8-EL3.1.x86_64.rpm     37c9251edc8b7f3e9060fd06d4e26616
wireshark-gnome-1.0.8-EL3.1.x86_64.rpm     6023406d5a8983cfcc8824952f068bf3
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
wireshark-1.0.8-1.el4_8.1.src.rpm     01b239503351fb92a96cc72e70de4cdc
 
IA-32:
wireshark-1.0.8-1.el4_8.1.i386.rpm     f672fbe1eeb0f8707b6864c73b7f6f59
wireshark-gnome-1.0.8-1.el4_8.1.i386.rpm     f0f587586ae5e1d07e32c4d283b3101e
 
IA-64:
wireshark-1.0.8-1.el4_8.1.ia64.rpm     c105aff3c5e5caeb9ef94aa7acb3da4d
wireshark-gnome-1.0.8-1.el4_8.1.ia64.rpm     406d50c8534c61334819c32a56af51ee
 
PPC:
wireshark-1.0.8-1.el4_8.1.ppc.rpm     6db943284c045bae1cb6b28f04339daa
wireshark-gnome-1.0.8-1.el4_8.1.ppc.rpm     7554a0a235cefe8beb3f5e9fb455f838
 
s390:
wireshark-1.0.8-1.el4_8.1.s390.rpm     1fafefe32512bf91e5f34822a6e1092e
wireshark-gnome-1.0.8-1.el4_8.1.s390.rpm     5009b2bbd31474d897819b1c97d5c0cc
 
s390x:
wireshark-1.0.8-1.el4_8.1.s390x.rpm     140273ca1700f6def643ce1a9026acf7
wireshark-gnome-1.0.8-1.el4_8.1.s390x.rpm     6917f4727bfdd846d9de3cf8f5be0284
 
x86_64:
wireshark-1.0.8-1.el4_8.1.x86_64.rpm     5e2a2284a5346ed16f3b7a764a481a7b
wireshark-gnome-1.0.8-1.el4_8.1.x86_64.rpm     5134ac902f12aa799b2c9ba8525eb353
 
Red Hat Enterprise Linux AS (v. 4.8.z)
SRPMS:
wireshark-1.0.8-1.el4_8.1.src.rpm     01b239503351fb92a96cc72e70de4cdc
 
IA-32:
wireshark-1.0.8-1.el4_8.1.i386.rpm     f672fbe1eeb0f8707b6864c73b7f6f59
wireshark-gnome-1.0.8-1.el4_8.1.i386.rpm     f0f587586ae5e1d07e32c4d283b3101e
 
IA-64:
wireshark-1.0.8-1.el4_8.1.ia64.rpm     c105aff3c5e5caeb9ef94aa7acb3da4d
wireshark-gnome-1.0.8-1.el4_8.1.ia64.rpm     406d50c8534c61334819c32a56af51ee
 
PPC:
wireshark-1.0.8-1.el4_8.1.ppc.rpm     6db943284c045bae1cb6b28f04339daa
wireshark-gnome-1.0.8-1.el4_8.1.ppc.rpm     7554a0a235cefe8beb3f5e9fb455f838
 
s390:
wireshark-1.0.8-1.el4_8.1.s390.rpm     1fafefe32512bf91e5f34822a6e1092e
wireshark-gnome-1.0.8-1.el4_8.1.s390.rpm     5009b2bbd31474d897819b1c97d5c0cc
 
s390x:
wireshark-1.0.8-1.el4_8.1.s390x.rpm     140273ca1700f6def643ce1a9026acf7
wireshark-gnome-1.0.8-1.el4_8.1.s390x.rpm     6917f4727bfdd846d9de3cf8f5be0284
 
x86_64:
wireshark-1.0.8-1.el4_8.1.x86_64.rpm     5e2a2284a5346ed16f3b7a764a481a7b
wireshark-gnome-1.0.8-1.el4_8.1.x86_64.rpm     5134ac902f12aa799b2c9ba8525eb353
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
wireshark-1.0.8-1.el5_3.1.src.rpm     e111c625c0f7368db8fd93e27c1efa3e
 
IA-32:
wireshark-1.0.8-1.el5_3.1.i386.rpm     c142b4f3815bb4f258a213b0fbd54d51
 
x86_64:
wireshark-1.0.8-1.el5_3.1.x86_64.rpm     16cddcfedb6a53768dbaa1db10061def
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
wireshark-1.0.8-EL3.1.src.rpm     0facdf008bf25354ab295e9c3176f867
 
IA-32:
wireshark-1.0.8-EL3.1.i386.rpm     fe05378628f4aaf7356dab3c63692a09
wireshark-gnome-1.0.8-EL3.1.i386.rpm     c9e4a56b45f96af05c61eace747f3ea7
 
IA-64:
wireshark-1.0.8-EL3.1.ia64.rpm     73121abe23d3c04b70ea536acdb50a74
wireshark-gnome-1.0.8-EL3.1.ia64.rpm     1fc446072174910f4c369b9569ec5662
 
x86_64:
wireshark-1.0.8-EL3.1.x86_64.rpm     37c9251edc8b7f3e9060fd06d4e26616
wireshark-gnome-1.0.8-EL3.1.x86_64.rpm     6023406d5a8983cfcc8824952f068bf3
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
wireshark-1.0.8-1.el4_8.1.src.rpm     01b239503351fb92a96cc72e70de4cdc
 
IA-32:
wireshark-1.0.8-1.el4_8.1.i386.rpm     f672fbe1eeb0f8707b6864c73b7f6f59
wireshark-gnome-1.0.8-1.el4_8.1.i386.rpm     f0f587586ae5e1d07e32c4d283b3101e
 
IA-64:
wireshark-1.0.8-1.el4_8.1.ia64.rpm     c105aff3c5e5caeb9ef94aa7acb3da4d
wireshark-gnome-1.0.8-1.el4_8.1.ia64.rpm     406d50c8534c61334819c32a56af51ee
 
x86_64:
wireshark-1.0.8-1.el4_8.1.x86_64.rpm     5e2a2284a5346ed16f3b7a764a481a7b
wireshark-gnome-1.0.8-1.el4_8.1.x86_64.rpm     5134ac902f12aa799b2c9ba8525eb353
 
Red Hat Enterprise Linux ES (v. 4.8.z)
SRPMS:
wireshark-1.0.8-1.el4_8.1.src.rpm     01b239503351fb92a96cc72e70de4cdc
 
IA-32:
wireshark-1.0.8-1.el4_8.1.i386.rpm     f672fbe1eeb0f8707b6864c73b7f6f59
wireshark-gnome-1.0.8-1.el4_8.1.i386.rpm     f0f587586ae5e1d07e32c4d283b3101e
 
IA-64:
wireshark-1.0.8-1.el4_8.1.ia64.rpm     c105aff3c5e5caeb9ef94aa7acb3da4d
wireshark-gnome-1.0.8-1.el4_8.1.ia64.rpm     406d50c8534c61334819c32a56af51ee
 
x86_64:
wireshark-1.0.8-1.el4_8.1.x86_64.rpm     5e2a2284a5346ed16f3b7a764a481a7b
wireshark-gnome-1.0.8-1.el4_8.1.x86_64.rpm     5134ac902f12aa799b2c9ba8525eb353
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
SRPMS:
wireshark-1.0.8-1.el5_3.1.src.rpm     e111c625c0f7368db8fd93e27c1efa3e
 
IA-32:
wireshark-1.0.8-1.el5_3.1.i386.rpm     c142b4f3815bb4f258a213b0fbd54d51
wireshark-gnome-1.0.8-1.el5_3.1.i386.rpm     a4a5cb0fc95f3380ff25e455a9d53229
 
IA-64:
wireshark-1.0.8-1.el5_3.1.ia64.rpm     1616129ae38121e206811e356d3385ab
wireshark-gnome-1.0.8-1.el5_3.1.ia64.rpm     64ab633c74e912884646178b357f8aab
 
PPC:
wireshark-1.0.8-1.el5_3.1.ppc.rpm     bd3988fd978f7fe9fd873d1c5b17c60f
wireshark-gnome-1.0.8-1.el5_3.1.ppc.rpm     bffc5515dc95390463e76735b9c8dadc
 
s390x:
wireshark-1.0.8-1.el5_3.1.s390x.rpm     259edd1747776d371465104276f9f8bd
wireshark-gnome-1.0.8-1.el5_3.1.s390x.rpm     86e84c2c35c98b1a0feaaa1a66b8cbd7
 
x86_64:
wireshark-1.0.8-1.el5_3.1.x86_64.rpm     16cddcfedb6a53768dbaa1db10061def
wireshark-gnome-1.0.8-1.el5_3.1.x86_64.rpm     e5c280accbe9fb9379ea736512fede47
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
wireshark-1.0.8-EL3.1.src.rpm     0facdf008bf25354ab295e9c3176f867
 
IA-32:
wireshark-1.0.8-EL3.1.i386.rpm     fe05378628f4aaf7356dab3c63692a09
wireshark-gnome-1.0.8-EL3.1.i386.rpm     c9e4a56b45f96af05c61eace747f3ea7
 
IA-64:
wireshark-1.0.8-EL3.1.ia64.rpm     73121abe23d3c04b70ea536acdb50a74
wireshark-gnome-1.0.8-EL3.1.ia64.rpm     1fc446072174910f4c369b9569ec5662
 
x86_64:
wireshark-1.0.8-EL3.1.x86_64.rpm     37c9251edc8b7f3e9060fd06d4e26616
wireshark-gnome-1.0.8-EL3.1.x86_64.rpm     6023406d5a8983cfcc8824952f068bf3
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
wireshark-1.0.8-1.el4_8.1.src.rpm     01b239503351fb92a96cc72e70de4cdc
 
IA-32:
wireshark-1.0.8-1.el4_8.1.i386.rpm     f672fbe1eeb0f8707b6864c73b7f6f59
wireshark-gnome-1.0.8-1.el4_8.1.i386.rpm     f0f587586ae5e1d07e32c4d283b3101e
 
IA-64:
wireshark-1.0.8-1.el4_8.1.ia64.rpm     c105aff3c5e5caeb9ef94aa7acb3da4d
wireshark-gnome-1.0.8-1.el4_8.1.ia64.rpm     406d50c8534c61334819c32a56af51ee
 
x86_64:
wireshark-1.0.8-1.el4_8.1.x86_64.rpm     5e2a2284a5346ed16f3b7a764a481a7b
wireshark-gnome-1.0.8-1.el4_8.1.x86_64.rpm     5134ac902f12aa799b2c9ba8525eb353
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

493973 - CVE-2009-1210 wireshark: format string in PROFINET dissector
495119 - CVE-2009-1268 Wireshark CHAP dissector crash
495121 - CVE-2009-1269 Wireshark Tektronix .rf5 file crash
501929 - CVE-2009-1829 wireshark: PCNFSD dissector crash


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1829
http://www.redhat.com/security/updates/classification/#moderate
http://www.wireshark.org/security/wnpa-sec-2009-02.html
http://www.wireshark.org/security/wnpa-sec-2009-03.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/