Synopsis: Moderate: wireshark security update Issue date: 2010-11-30 CVE Names: CVE-2010-3445 CVE-2010-4300 A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4300) A denial of service flaw was found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445) All running instances of Wireshark must be restarted for the update to take effect. SL 6.x SRPMS: wireshark-1.2.13-1.el6_0.1.src.rpm i386: wireshark-1.2.13-1.el6_0.1.i686.rpm wireshark-devel-1.2.13-1.el6_0.1.i686.rpm wireshark-gnome-1.2.13-1.el6_0.1.i686.rpm x86_64: wireshark-1.2.13-1.el6_0.1.i686.rpm wireshark-1.2.13-1.el6_0.1.x86_64.rpm wireshark-devel-1.2.13-1.el6_0.1.i686.rpm wireshark-devel-1.2.13-1.el6_0.1.x86_64.rpm wireshark-gnome-1.2.13-1.el6_0.1.x86_64.rpm -Connie Sieh -Troy Dawson