Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Thu, 07 Mar 2013 10:55:55 +0100
Type : VULN
Sujet : CERT-Renater : 2013/VULN101 (Wireshark : New versions of Wireshark fix several security vulnerabilities)
====================================================================
                           CERT-Renater

               Note d'Information No. 2013/VULN101
_____________________________________________________________________

DATE                : 07/03/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Wireshark versions 1.8.x, 1.6.x
                                   prior to 1.8.6, 1.6.14.

======================================================================
http://www.wireshark.org/lists/wireshark-announce/201303/msg00000.html
http://www.wireshark.org/lists/wireshark-announce/201303/msg00001.html
______________________________________________________________________

I'm proud to announce the release of Wireshark 1.8.6.

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development and
   education.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed.

     o wnpa-sec-2013-10

       The TCP dissector could crash. (Bug 8274)

       Versions affected: 1.8.0 to 1.8.5.

       CVE-2013-2475

     o wnpa-sec-2013-11

       The HART/IP dissectory could go into an infinite loop. (Bug
       8360)

       Versions affected: 1.8.0 to 1.8.5.

       CVE-2013-2476

     o wnpa-sec-2013-12

       The CSN.1 dissector could crash. Discovered by Laurent Butti.
       (Bug 8383)

       Versions affected: 1.8.0 to 1.8.5.

       CVE-2013-2477

     o wnpa-sec-2013-13

       The MS-MMS dissector could crash. Discovered by Laurent Butti.
       (Bug 8382)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2478

     o wnpa-sec-2013-14

       The MPLS Echo dissector could go into an infinite loop.
       Discovered by Laurent Butti. (Bug 8039)

       Versions affected: 1.8.0 to 1.8.5.

       CVE-2013-2479

     o wnpa-sec-2013-15

       The RTPS and RTPS2 dissectors could crash. Discovered by
       Alyssa Milburn. (Bug 8332)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2480

     o wnpa-sec-2013-16

       The Mount dissector could crash. Discovered by Alyssa Milburn.
       (Bug 8335)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2481

     o wnpa-sec-2013-17

       The AMPQ dissector could go into an infinite loop. Discovered
       by Moshe Kaplan. (Bug 8337)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2482

     o wnpa-sec-2013-18

       The ACN dissector could attempt to divide by zero. Discovered
       by Alyssa Milburn. (Bug 8340)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2483

     o wnpa-sec-2013-19

       The CIMD dissector could crash. Discovered by Moshe Kaplan.
       (Bug 8346)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2484

     o wnpa-sec-2013-20

       The FCSP dissector could go into an infinite loop. Discovered
       by Moshe Kaplan. (Bug 8359)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2485

     o wnpa-sec-2013-21

       The RELOAD dissector could go into an infinite loop.
       Discovered by Even Jensen. (Bug 8364)

       Versions affected: 1.8.0 to 1.8.5.

       CVE-2013-2486

       CVE-2013-2487

     o wnpa-sec-2013-22

       The DTLS dissector could crash. Discovered by Laurent Butti.
       (Bug 8380)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2488

   The following bugs have been fixed:

     o Lua pinfo.cols.protocol not holding value in postdissector.
       (Bug 6020)

     o data combined via ssl_desegment_app_data not visible via
       "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)

     o HTTP application/json-rpc should be decoded/shown as
       application/json. (Bug 7939)

     o Maximum value of 802.11-2012 Duration field should be 32767.
       (Bug 8056)

     o Voice RTP player crash if player is closed while playing. (Bug
       8065)

     o Display Filter Macros crash. (Bug 8073)

     o RRC RadioBearerSetup message decoding issue. (Bug 8290)

     o R-click filters add ! in front of field when choosing "apply
       as filter>selected". (Bug 8297)

     o BACnet - Loop Object - Setpoint-Reference property does not
       decode correctly. (Bug 8306)

     o WMM TSPEC Element Parsing is not done is wrong due to a wrong
       switch case number. (Bug 8320)

     o Incorrect RTP statistics (Lost Packets indication not ok).
       (Bug 8321)

     o Registering ieee802154 dissector for IEEE802.15.4 frames
       inside Linux SLL frames. (Bug 8325)

     o Version Field is skipped while parsing WMM_TSPEC causing wrong
       dissecting (1 byte offset missing) of all fields in the TSPEC.
       (Bug 8330)

     o [BACnet] UCS-2 strings longer than 127 characters do not
       decode correctly. (Bug 8331)

     o Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug
       8345)

     o Decoding of GSM MAP SMS Diagnostics. (Bug 8378)

     o Incorrect packet length displayed for Flight Message Transfer
       Protocol (FMTP). (Bug 8407)

     o Netflow dissector flowDurationMicroseconds nanosecond
       conversion wrong. (Bug 8410)

     o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS,
   FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE
   802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow,
   RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP

  New and Updated Capture File Support

   No new or updated capture file support.

Getting Wireshark

   Wireshark source code and installation packages are available from
   http://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages.
   You can usually install or upgrade Wireshark using the package
   management system specific to that platform. A list of third-party
   packages can be found on the download page on the Wireshark web
   site.

File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About→Folders to find the default locations on your system.

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

   The BER dissector might infinitely loop. (Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   (Bug 1814)

   Filtering tshark captures with display filters (-R) no longer
   works. (Bug 2234)

   The 64-bit Windows installer does not support Kerberos decryption.
   (Win64 development page)

   Application crash when changing real-time option. (Bug 4035)

   Hex pane display issue after startup. (Bug 4056)

   Packet list rows are oversized. (Bug 4357)

   Summary pane selected frame highlighting not maintained. (Bug
   4445)

   Wireshark and TShark will display incorrect delta times in some
   cases. (Bug 4985)

Getting Help

   Community support is available on Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and
   archives for all of Wireshark's mailing lists can be found on the
   web site.

   Official Wireshark training and certification are available from
   Wireshark University.

Frequently Asked Questions

   A complete FAQ is available on the Wireshark web site.


Digests

wireshark-1.8.6.tar.bz2: 24250787 bytes
MD5(wireshark-1.8.6.tar.bz2)17361e701936c72f7f18f857059b944
SHA1(wireshark-1.8.6.tar.bz2)51ed901b5e07cceb1373f3368f739be8f1e827
RIPEMD160(wireshark-1.8.6.tar.bz2)!688bef39816cc81d596205eefc5a067e5d6c25

Wireshark-win64-1.8.6.exe: 26847472 bytes
MD5(Wireshark-win64-1.8.6.exe)Ýd3d98096538e357e2dd0d6cd04ed6b
SHA1(Wireshark-win64-1.8.6.exe)
042dce029072dfcb8f52f49aa0c84bfb6d8a69
RIPEMD160(Wireshark-win64-1.8.6.exe)&56bf18e3131da2b64feeb4d91c687768fe6f1f

Wireshark-win32-1.8.6.exe: 21173600 bytes
MD5(Wireshark-win32-1.8.6.exe):0de374fc4979001727bfa5fc19d3c5
SHA1(Wireshark-win32-1.8.6.exe)¾d78fb3c51cfec9914bf46f6257da2541407d5c
RIPEMD160(Wireshark-win32-1.8.6.exe)æcb0e40236093f5bf45909d1c306b64b0b99264

Wireshark-1.8.6.u3p: 28607931 bytes
MD5(Wireshark-1.8.6.u3p)ú19996f6c69f68d011565b2c49c27b3
SHA1(Wireshark-1.8.6.u3p)â9efab380c4da61b25678c764403719b0088875
RIPEMD160(Wireshark-1.8.6.u3p)cb4634b95e8b08387711fab79f674d1dcae4b4

WiresharkPortable-1.8.6.paf.exe: 22184584 bytes
MD5(WiresharkPortable-1.8.6.paf.exe) 9a4ab23ffff08685d0ef42a0dc0f09
SHA1(WiresharkPortable-1.8.6.paf.exe)öf39ee3b202488ce3c48521692599a458c024e0
RIPEMD160(WiresharkPortable-1.8.6.paf.exe)ha2dcf651c661499717a0f6c2abacabca48d94e

Wireshark 1.8.6 Intel 32.dmg: 22122012 bytes
MD5(Wireshark 1.8.6 Intel 32.dmg)Ab1249c0e0bdf0d851a816d20e01c12
SHA1(Wireshark 1.8.6 Intel
32.dmg)Øeaf89fd2fdf13f47aaa9a25c1587a760534635
RIPEMD160(Wireshark 1.8.6 Intel
32.dmg)Ìadbdadddfd19991a6c7af9d2643a343fb3db75

Wireshark 1.8.6 PPC 32.dmg: 22934708 bytes
MD5(Wireshark 1.8.6 PPC 32.dmg)é556eeacd50ddb4e70c9e5f98c442fa
SHA1(Wireshark 1.8.6 PPC 32.dmg)¨c8b2f6fb659b20ef2ae7785a2b5646f33c7ff5
RIPEMD160(Wireshark 1.8.6 PPC
32.dmg){6a0e6161c1fb1d31caf7a6b5007cd38fce62f6

Wireshark 1.8.6 Intel 64.dmg: 21799059 bytes
MD5(Wireshark 1.8.6 Intel 64.dmg)&5318dd55f4fd3dca228d9afc9348fe
SHA1(Wireshark 1.8.6 Intel
64.dmg)G5ae0f50e65399a9a16c8266e505e8d9b27d308
RIPEMD160(Wireshark 1.8.6 Intel
64.dmg)(1386411018db57322e04c6c24927e9a7a774e7

patch-wireshark-1.8.5-to-1.8.6.diff.bz2: 385614 bytes
MD5(patch-wireshark-1.8.5-to-1.8.6.diff.bz2)61fcdfaf6d17d40cbe961951c1133e
SHA1(patch-wireshark-1.8.5-to-1.8.6.diff.bz2)d53194b13de978d950394734ab7302f6d0394a
RIPEMD160(patch-wireshark-1.8.5-to-1.8.6.diff.bz2)µ42539170925e88b52940ca41b65be1d0167a7c
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlE30VEACgkQpw8IXSHylJqnxwCgkPXuAnxLwFyB12J3DS2IGbpI
W+EAoIXKuWojXWk9V/cnXfRDMN10czqK
=PYH/
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm proud to announce the release of Wireshark 1.6.14.

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development and
   education.

What's New

  Bug Fixes

   The following vulnerability has been fixed.

     o wnpa-sec-2012-32

       The sFlow dissector could go into an infinite loop. (Bug 7789)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.13.

       CVE-2012-6054

     o wnpa-sec-2012-33

       The SCTP dissector could go into an infinite loop. (Bug 7802)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.13.

       CVE-2012-6056

     o wnpa-sec-2013-13

       The MS-MMS dissector could crash. Discovered by Laurent Butti.
       (Bug 8382)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2478

     o wnpa-sec-2013-15

       The RTPS and RTPS2 dissectors could crash. Discovered by
       Alyssa Milburn. (Bug 8332)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2480

     o wnpa-sec-2013-16

       The Mount dissector could crash. Discovered by Alyssa Milburn.
       (Bug 8335)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2481

     o wnpa-sec-2013-17

       The AMPQ dissector could go into an infinite loop. Discovered
       by Moshe Kaplan. (Bug 8337)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2482

     o wnpa-sec-2013-18

       The ACN dissector could attempt to divide by zero. Discovered
       by Alyssa Milburn. (Bug 8340)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2483

     o wnpa-sec-2013-19

       The CIMD dissector could crash. Discovered by Moshe Kaplan.
       (Bug 8346)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2484

     o wnpa-sec-2013-20

       The FCSP dissector could go into an infinite loop. Discovered
       by Moshe Kaplan. (Bug 8359)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2485

     o wnpa-sec-2013-22

       The DTLS dissector could crash. Discovered by Laurent Butti.
       (Bug 8380)

       Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.

       CVE-2013-2488

   The following bugs have been fixed:

     o Lua pinfo.cols.protocol not holding value in postdissector.
       (Bug 6020)

     o Data combined via ssl_desegment_app_data not visible via
       "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)

     o HTTP application/json-rpc should be decoded/shown as
       application/json. (Bug 7939)

     o WMM TSPEC Element Parsing is not done is wrong due to a wrong
       switch case number. (Bug 8320)

     o [BACnet] UCS-2 strings longer than 127 characters do not
       decode correctly. (Bug 8331)

     o Netflow dissector flowDurationMicroseconds nanosecond
       conversion wrong. (Bug 8410)

     o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   ACN, AMQP, BACnet, CIMD, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, IEEE
   802.11, JSON, Mount, MS-MMS, Netflow, RTPS, RTPS2, SIP, SSL

  New and Updated Capture File Support

   No new or updated capture file support.

Getting Wireshark

   Wireshark source code and installation packages are available from
   http://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages.
   You can usually install or upgrade Wireshark using the package
   management system specific to that platform. A list of third-party
   packages can be found on the download page on the Wireshark web
   site.

File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About→Folders to find the default locations on your system.

Known Problems

   Wireshark might make your system disassociate from a wireless
   network on OS X 10.4. (Bug 1315)

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

   The BER dissector might infinitely loop. (Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   (Bug 1814)

   Filtering tshark captures with display filters (-R) no longer
   works. (Bug 2234)

   The 64-bit Windows installer does not ship with libsmi. (Win64
   development page)

   "Closing File!" Dialog Hangs. (Bug 3046)

   Application crash when changing real-time option. (Bug 4035)

   Hex pane display issue after startup. (Bug 4056)

   Packet list rows are oversized. (Bug 4357)

   Summary pane selected frame highlighting not maintained. (Bug
   4445)

   Wireshark and TShark will display incorrect delta times when
   displayed as a custom column. (Bug 4985)

Getting Help

   Community support is available on Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and
   archives for all of Wireshark's mailing lists can be found on the
   web site.

   Official Wireshark training and certification are available from
   Wireshark University.

Frequently Asked Questions

   A complete FAQ is available on the Wireshark web site.


Digests

wireshark-1.6.14.tar.bz2: 22121915 bytes
MD5(wireshark-1.6.14.tar.bz2)81e1b9db6f240d4f995eeebbf520fa
SHA1(wireshark-1.6.14.tar.bz2)¼e7993968ab1227b6492584cadf93faf7807965
RIPEMD160(wireshark-1.6.14.tar.bz2)77b3c61d6d73db6cb9e61ab29c468aab9b6c3b

wireshark-win32-1.6.14.exe: 19894582 bytes
MD5(wireshark-win32-1.6.14.exe)ð08f1f72022387379d54d3f08551d98
SHA1(wireshark-win32-1.6.14.exe)©3a4ef14881e4a740959331e5eb9dd1c3a7d069
RIPEMD160(wireshark-win32-1.6.14.exe)ü42f39d650e531c30f0498d1c6903a638dcb4d8

wireshark-win64-1.6.14.exe: 23016951 bytes
MD5(wireshark-win64-1.6.14.exe)J02eeeb3e831324ee12987f4f418ae9
SHA1(wireshark-win64-1.6.14.exe)§0c60ffa6a78fdddb694f51580fe82ab98c04e1
RIPEMD160(wireshark-win64-1.6.14.exe)ad4e36a8b49ad0158afb1c63c0f22453717f4d

wireshark-1.6.14.u3p: 26773823 bytes
MD5(wireshark-1.6.14.u3p)”4ee685c491b7c44cdbc613dcb0dad1
SHA1(wireshark-1.6.14.u3p)e993854226e7e7d9cdef0fd2c455237e60c570d
RIPEMD160(wireshark-1.6.14.u3p)x52c4f68144704c6e74e4bdb2d7f94fa448ae30

WiresharkPortable-1.6.14.paf.exe: 20666928 bytes
MD5(WiresharkPortable-1.6.14.paf.exe)1154ea5c12484a3d1837ca15d0b24d
SHA1(WiresharkPortable-1.6.14.paf.exe)ƒ54156a481832a0ffb4927f38b9a8ca1cb9d6de
RIPEMD160(WiresharkPortable-1.6.14.paf.exe)°03934bc22c0a7c426c50c21a889c090b9ed938

Wireshark 1.6.14 Intel 64.dmg: 20374433 bytes
MD5(Wireshark 1.6.14 Intel 64.dmg)Ë0bc1e8bcf44373f2d0b62d508ae468
SHA1(Wireshark 1.6.14 Intel
64.dmg)f3ba96b3b298eb3ceb063ee08de795ef348494
RIPEMD160(Wireshark 1.6.14 Intel
64.dmg)Þb7f23841fd903072256472c2ae959ac2d3c51c

Wireshark 1.6.14 Intel 32.dmg: 20570644 bytes
MD5(Wireshark 1.6.14 Intel 32.dmg)zab194d9d13003e6d1676b059542dc4
SHA1(Wireshark 1.6.14 Intel
32.dmg)396f2f1dd9cc58b8d180077639b69538ef1197
RIPEMD160(Wireshark 1.6.14 Intel
32.dmg)2db7764844b9642aa37d8f7e85163c509fa1e74

Wireshark 1.6.14 PPC 32.dmg: 21289314 bytes
MD5(Wireshark 1.6.14 PPC 32.dmg)öf50ec9b7be659b1ad4844128c8db88
SHA1(Wireshark 1.6.14 PPC 32.dmg)Ða6b932236ad7d223d69dae566dcad64089ec7e
RIPEMD160(Wireshark 1.6.14 PPC
32.dmg)»9e8a3b4bdbab4268cb4274cfb01d4e11a0316b

patch-wireshark-1.6.13-to-1.6.14.diff.bz2: 348802 bytes
MD5(patch-wireshark-1.6.13-to-1.6.14.diff.bz2)/c00d82d6e7cb65dc67f5b9145129e6
SHA1(patch-wireshark-1.6.13-to-1.6.14.diff.bz2)÷a8f9d7598b55b116f4e7e1d897462df5fee7d9
RIPEMD160(patch-wireshark-1.6.13-to-1.6.14.diff.bz2).7e09985e270026c47c8d552116dcf269fba8b0


======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================

[An attachment of type application/pkcs7-signature was included here]