 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 22 Mar 2011 14:24:58 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: wireshark security update
Issue date: 2011-03-21
CVE Names: CVE-2011-0444 CVE-2011-0538 CVE-2011-0713
CVE-2011-1139 CVE-2011-1140 CVE-2011-1141
A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE
dissector. If Wireshark read a malformed packet off a network or opened
a malicious dump file, it could crash or, possibly, execute arbitrary
code as the user running Wireshark. (CVE-2011-0444)
A heap-based buffer overflow flaw was found in the way Wireshark
processed signaling traces generated by the Gammu utility on Nokia DCT3
phones running in Netmonitor mode. If Wireshark opened a
specially-crafted capture file, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2011-0713)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2011-0538, CVE-2011-1139,
CVE-2011-1140, CVE-2011-1141)
Users of Wireshark should upgrade to these updated packages, which
contain Wireshark version 1.2.15, and resolve these issues. All running
instances of Wireshark must be restarted for the update to take effect.
SL 6.x
SRPMS:
wireshark-1.2.15-1.el6_0.1.src.rpm
i386:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.15-1.el6_0.1.i686.rpm
x86_64:
wireshark-1.2.15-1.el6_0.1.i686.rpm
wireshark-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.15-1.el6_0.1.i686.rpm
wireshark-devel-1.2.15-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.15-1.el6_0.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
