Synopsis: Moderate: wireshark security update Issue date: 2008-10-01 CVE Names: CVE-2008-1070 CVE-2008-1071 CVE-2008-1072 CVE-2008-1561 CVE-2008-1562 CVE-2008-1563 CVE-2008-3137 CVE-2008-3138 CVE-2008-3141 CVE-2008-3145 CVE-2008-3146 CVE-2008-3932 CVE-2008-3933 CVE-2008-3934 Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-3146) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934) Additionally, this update changes the default Pluggable Authentication Modules (PAM) configuration to always prompt for the root password before each start of Wireshark. This avoids unintentionally running Wireshark with root privileges. SL 3.0.x SRPMS: wireshark-1.0.3-EL3.3.src.rpm i386: wireshark-1.0.3-EL3.3.i386.rpm wireshark-gnome-1.0.3-EL3.3.i386.rpm x86_64: wireshark-1.0.3-EL3.3.x86_64.rpm wireshark-gnome-1.0.3-EL3.3.x86_64.rpm SL 4.x SRPMS: wireshark-1.0.3-3.el4_7.src.rpm i386: wireshark-1.0.3-3.el4_7.i386.rpm wireshark-gnome-1.0.3-3.el4_7.i386.rpm x86_64: wireshark-1.0.3-3.el4_7.x86_64.rpm wireshark-gnome-1.0.3-3.el4_7.x86_64.rpm SL 5.x SRPMS: wireshark-1.0.3-4.el5_2.src.rpm i386: wireshark-1.0.3-4.el5_2.i386.rpm wireshark-gnome-1.0.3-4.el5_2.i386.rpm x86_64: wireshark-1.0.3-4.el5_2.x86_64.rpm wireshark-gnome-1.0.3-4.el5_2.x86_64.rpm -Connie Sieh -Troy Dawson