Updated wireshark packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5.Red Hat Product Security has rated this update as having Moderate securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

Wireshark is a network protocol analyzer. It is used to capture and browsethe traffic running on a computer network.Multiple flaws were found in Wireshark. If Wireshark read a malformedpacket off a network or opened a malicious dump file, it could crash or,possibly, execute arbitrary code as the user running Wireshark.(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)Several denial of service flaws were found in Wireshark. Wireshark couldcrash or stop responding if it read a malformed packet off a network, oropened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,CVE-2014-6425, CVE-2014-6428)All wireshark users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. All running instancesof Wireshark must be restarted for the update to take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/articles/11258RHEL Desktop Workstation (v. 5 client)

SRPMS:
wireshark-1.0.15-7.el5_11.src.rpm
    MD5: a909a67af3a1da490f8514372839839fSHA-256: 1a85789f0daea4a917e8257e7bd903738641676f118fcab7bd2c6e8953c61109
 
IA-32:
wireshark-debuginfo-1.0.15-7.el5_11.i386.rpm
    MD5: 3830faef4a6e4ec8ccbf7aaeae72b6afSHA-256: 69c60a002470930d3840098dc7af6521259aa11b8b8a01799e86e538d6ee9cbe
wireshark-gnome-1.0.15-7.el5_11.i386.rpm
    MD5: 53ca406666f66e606e6d0809342545edSHA-256: 5733a84739e52f3f97e6b224bd1f1f635229945f3de13b907b9abbb36b638c63
 
x86_64:
wireshark-debuginfo-1.0.15-7.el5_11.x86_64.rpm
    MD5: 7929bdbe206b4e759bac9c21b839f295SHA-256: c2b9485b57a2892c85f5d9659ebe577ff7da4ffb93927e38d14ae6c7944c9453
wireshark-gnome-1.0.15-7.el5_11.x86_64.rpm
    MD5: 66a64e9d86378b4846b7f785cdc6aaa4SHA-256: 7b8d755ddcf25d1861640aff54940222b3c00816b23437d7c39295b334a9bda3
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
wireshark-1.0.15-7.el5_11.src.rpm
    MD5: a909a67af3a1da490f8514372839839fSHA-256: 1a85789f0daea4a917e8257e7bd903738641676f118fcab7bd2c6e8953c61109
 
IA-32:
wireshark-1.0.15-7.el5_11.i386.rpm
    MD5: 2e52b9b61bb566098616b786ff3ceafcSHA-256: 7999421cd2d9f4ac15ba8c0d60c3f02c957530b9a038a0942b502267537e5407
wireshark-debuginfo-1.0.15-7.el5_11.i386.rpm
    MD5: 3830faef4a6e4ec8ccbf7aaeae72b6afSHA-256: 69c60a002470930d3840098dc7af6521259aa11b8b8a01799e86e538d6ee9cbe
wireshark-gnome-1.0.15-7.el5_11.i386.rpm
    MD5: 53ca406666f66e606e6d0809342545edSHA-256: 5733a84739e52f3f97e6b224bd1f1f635229945f3de13b907b9abbb36b638c63
 
IA-64:
wireshark-1.0.15-7.el5_11.ia64.rpm
    MD5: a7c7e90390a827140a0b723de50282a0SHA-256: e17979b7c806c2e19f2b23a51917ede60ca60d051f0115be90b98a0ad24f5219
wireshark-debuginfo-1.0.15-7.el5_11.ia64.rpm
    MD5: 8d492f72a6c0f48c70c2d1b45f8a2f9aSHA-256: 34523a8d100e9874d64f0d9b0a031f238f3295d6fe0bef5c4233babb4be5f513
wireshark-gnome-1.0.15-7.el5_11.ia64.rpm
    MD5: 94a77af588d4ad1965591b9abb8ce528SHA-256: d105eb3056c862e0ec80eefc46bd62bc598d545d788fb5076ab69298db55d2d7
 
PPC:
wireshark-1.0.15-7.el5_11.ppc.rpm
    MD5: c20fc79e8fb4b1abe45b57914af95bbcSHA-256: d3e62d232a8f6d8000f9aa8ac0453f482c7901eafe323a055bdc3fdb187c9e3a
wireshark-debuginfo-1.0.15-7.el5_11.ppc.rpm
    MD5: da1a02e2f18630a90e97e74a77084e1dSHA-256: 7ff361dfdb5e211c6b23165adc4cc0db0e58dffb17c96e302a85d611a591fc42
wireshark-gnome-1.0.15-7.el5_11.ppc.rpm
    MD5: e5217fa322d22b33fbd3b322c98f34d8SHA-256: d36b41873c5607651c0e08a60d1b499453d2dad263f6bcb6af9dcc5e2d858a21
 
s390x:
wireshark-1.0.15-7.el5_11.s390x.rpm
    MD5: c9c8710d512d00dc9b034dfa0bd93a0fSHA-256: 9a7b8dcf5d748b8a47557b9e0c6890ed834715b1c447526f97b5bc40051aef36
wireshark-debuginfo-1.0.15-7.el5_11.s390x.rpm
    MD5: 767cee25cc1f89666ddd3a3af04bbf7bSHA-256: 0b08b50e7f1b511c54c6a2c43be3c5605cdad726bb4fa6e08b046471ea894d67
wireshark-gnome-1.0.15-7.el5_11.s390x.rpm
    MD5: bce108b3af7a96aee526ef11d261ef9eSHA-256: 7ba33d99a45c4ef1a2f8e0eb317ad3246758ea005e58892f16ed723c85690c07
 
x86_64:
wireshark-1.0.15-7.el5_11.x86_64.rpm
    MD5: 2774a25ef763e45ccac545bbf4d540a0SHA-256: 3622158f5d40620075946daa9ec8634a934348370359a83c8b58bcf4947f1f74
wireshark-debuginfo-1.0.15-7.el5_11.x86_64.rpm
    MD5: 7929bdbe206b4e759bac9c21b839f295SHA-256: c2b9485b57a2892c85f5d9659ebe577ff7da4ffb93927e38d14ae6c7944c9453
wireshark-gnome-1.0.15-7.el5_11.x86_64.rpm
    MD5: 66a64e9d86378b4846b7f785cdc6aaa4SHA-256: 7b8d755ddcf25d1861640aff54940222b3c00816b23437d7c39295b334a9bda3
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
wireshark-1.0.15-7.el5_11.src.rpm
    MD5: a909a67af3a1da490f8514372839839fSHA-256: 1a85789f0daea4a917e8257e7bd903738641676f118fcab7bd2c6e8953c61109
 
IA-32:
wireshark-1.0.15-7.el5_11.i386.rpm
    MD5: 2e52b9b61bb566098616b786ff3ceafcSHA-256: 7999421cd2d9f4ac15ba8c0d60c3f02c957530b9a038a0942b502267537e5407
wireshark-debuginfo-1.0.15-7.el5_11.i386.rpm
    MD5: 3830faef4a6e4ec8ccbf7aaeae72b6afSHA-256: 69c60a002470930d3840098dc7af6521259aa11b8b8a01799e86e538d6ee9cbe
 
x86_64:
wireshark-1.0.15-7.el5_11.x86_64.rpm
    MD5: 2774a25ef763e45ccac545bbf4d540a0SHA-256: 3622158f5d40620075946daa9ec8634a934348370359a83c8b58bcf4947f1f74
wireshark-debuginfo-1.0.15-7.el5_11.x86_64.rpm
    MD5: 7929bdbe206b4e759bac9c21b839f295SHA-256: c2b9485b57a2892c85f5d9659ebe577ff7da4ffb93927e38d14ae6c7944c9453
 
(The unlinked packages above are only available from the Red Hat Network)
1142602 – CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)1142603 – CVE-2014-6428 wireshark: SES dissector crash (wnpa-sec-2014-18)1142608 – CVE-2014-6425 wireshark: CUPS dissector crash (wnpa-sec-2014-15)1142610 – CVE-2014-6423 wireshark: MEGACO dissector infinite loop (wnpa-sec-2014-13)1142611 – CVE-2014-6421 CVE-2014-6422 wireshark: RTP dissector crash (wnpa-sec-2014-12)

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply