Synopsis: Moderate: wireshark security update Issue date: 2009-03-04 CVE Names: CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 CVE-2008-5285 CVE-2009-0599 CVE-2009-0600 Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682,CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600) All running instances of Wireshark must be restarted for the update to take effect. SL 3.0.x SRPMS: wireshark-1.0.6-EL3.3.src.rpm i386: wireshark-1.0.6-EL3.3.i386.rpm wireshark-gnome-1.0.6-EL3.3.i386.rpm x86_64: wireshark-1.0.6-EL3.3.x86_64.rpm wireshark-gnome-1.0.6-EL3.3.x86_64.rpm SL 4.x SRPMS: wireshark-1.0.6-2.el4_7.src.rpm i386: wireshark-1.0.6-2.el4_7.i386.rpm wireshark-gnome-1.0.6-2.el4_7.i386.rpm x86_64: wireshark-1.0.6-2.el4_7.x86_64.rpm wireshark-gnome-1.0.6-2.el4_7.x86_64.rpm SL 5.x SRPMS: wireshark-1.0.6-2.el5_3.src.rpm i386: wireshark-1.0.6-2.el5_3.i386.rpm wireshark-gnome-1.0.6-2.el5_3.i386.rpm x86_64: wireshark-1.0.6-2.el5_3.x86_64.rpm wireshark-gnome-1.0.6-2.el5_3.x86_64.rpm -Connie Sieh -Troy Dawson