[Frugalware-security] [ FSA-725 ] wireshark

Miklos Vajna vmiklos at frugalware.org
Tue Jun 7 01:00:53 CEST 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-725

Date: 2011-06-07
Package: wireshark
Vulnerable versions: <= 1.4.6-1nexon1
Unaffected versions: >= 1.4.7-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4510
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1956
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1957
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1958
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175

Description
===========

Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) An error in the DICOM dissector can be exploited to cause an infinite loop when processing certain malformed packets.
2) An error when processing a Diameter dictionary file can be exploited to cause the process to crash.
3) An error when processing a snoop file can be exploited to cause the process to crash.
4) An error when processing compressed capture data can be exploited to cause the process to crash.
5) An error when processing a Visual Networks file can be exploited to cause the process to crash.
6) An error in the "desegment_tcp()" function (epan/dissectors/packet-tcp.c) when handling certain TCP segments can be exploited to dereference a NULL pointer and crash the process.

Updated Packages
================

Check if you have wireshark installed:

	# pacman-g2 -Q wireshark

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy wireshark

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/725

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3tXCUACgkQZ7NElSD1VhnBiQCgj9rM8WWNKNj/3mqD0QUeWqzf
P1gAoIvWVcAUegVY38uPTdLKGhZbKg3E
=ipYd
-----END PGP SIGNATURE-----

More information about the Frugalware-security mailing list