Subject: | |
From: | |
Reply To: | |
Date: | Wed, 1 Oct 2008 15:25:40 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: wireshark security update
Issue date: 2008-10-01
CVE Names: CVE-2008-1070 CVE-2008-1071 CVE-2008-1072
CVE-2008-1561 CVE-2008-1562 CVE-2008-1563
CVE-2008-3137 CVE-2008-3138 CVE-2008-3141
CVE-2008-3145 CVE-2008-3146 CVE-2008-3932
CVE-2008-3933 CVE-2008-3934
Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)
Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.
SL 3.0.x
SRPMS:
wireshark-1.0.3-EL3.3.src.rpm
i386:
wireshark-1.0.3-EL3.3.i386.rpm
wireshark-gnome-1.0.3-EL3.3.i386.rpm
x86_64:
wireshark-1.0.3-EL3.3.x86_64.rpm
wireshark-gnome-1.0.3-EL3.3.x86_64.rpm
SL 4.x
SRPMS:
wireshark-1.0.3-3.el4_7.src.rpm
i386:
wireshark-1.0.3-3.el4_7.i386.rpm
wireshark-gnome-1.0.3-3.el4_7.i386.rpm
x86_64:
wireshark-1.0.3-3.el4_7.x86_64.rpm
wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm
SL 5.x
SRPMS:
wireshark-1.0.3-4.el5_2.src.rpm
i386:
wireshark-1.0.3-4.el5_2.i386.rpm
wireshark-gnome-1.0.3-4.el5_2.i386.rpm
x86_64:
wireshark-1.0.3-4.el5_2.x86_64.rpm
wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|