Synopsis: Moderate: wireshark security, bug fix, and enhancement update
Issue Date: 2013-01-08
CVE Numbers: CVE-2011-1959
CVE-2011-2175
CVE-2011-1958
CVE-2011-2698
CVE-2011-4102
CVE-2012-0041
CVE-2012-0042
CVE-2012-0066
CVE-2012-0067
CVE-2012-4285
CVE-2012-4289
CVE-2012-4291
CVE-2012-4290
--
A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially-crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-4102)
Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)
This update also fixes the following bugs:
* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The "Invalid capture filter" message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection.
* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names.
* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails.
* Previously, the TShark "-s" (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the "-s" option is fixed and sizes lower than 68 bytes work as expected.
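
The link-local IPv6 fix above concerns building a capture filter that omits the user's own SSH session. The following is an added example, not Wireshark's own code, of building such a filter while dropping the "%interface" suffix and rejecting unexpected input; taking the addresses from a value in the SSH_CONNECTION layout and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added illustration; not Wireshark source code.
# Input layout (as in SSH_CONNECTION): "client_ip client_port server_ip server_port"

# Drop an IPv6 zone suffix ("%eth0") so only the bare address goes into the filter.
strip_zone() {
    printf '%s\n' "${1%%\%*}"
}

# Print "ip6" or "ip" for an address; fail if it contains unexpected characters.
addr_family() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
        *:*) echo ip6 ;;
        *)   echo ip ;;
    esac
}

# Accept only decimal port numbers up to 65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# Print a capture filter that excludes the described SSH connection.
ssh_exclude_filter() {
    # read splits the fields without glob expansion; anything extra is rejected.
    read -r c_addr c_port s_addr s_port extra <<EOF
$1
EOF
    [ -n "$s_port" ] && [ -z "$extra" ] || return 1
    c_addr=$(strip_zone "$c_addr")
    s_addr=$(strip_zone "$s_addr")
    c_fam=$(addr_family "$c_addr") || return 1
    s_fam=$(addr_family "$s_addr") || return 1
    is_port "$c_port" && is_port "$s_port" || return 1
    printf 'not (tcp port %s and %s host %s and tcp port %s and %s host %s)\n' \
        "$c_port" "$c_fam" "$c_addr" "$s_port" "$s_fam" "$s_addr"
}
```

The result can be passed to TShark as a capture filter, for example: tshark -f "$(ssh_exclude_filter "$SSH_CONNECTION")".
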
This update also adds the following enhancement:
* In this update, support for the "NetDump" protocol was added.
All running instances of Wireshark must be restarted for the update to take effect.
--
SL5
x86_64
wireshark-1.0.15-5.el5.x86_64.rpm
wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm
wireshark-gnome-1.0.15-5.el5.x86_64.rpm
i386
wireshark-1.0.15-5.el5.i386.rpm
wireshark-debuginfo-1.0.15-5.el5.i386.rpm
wireshark-gnome-1.0.15-5.el5.i386.rpm
- Scientific Linux Development Team