Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 10: FEDORA-2009-7998 Critical: Wireshark DoS Threat

fedora
Calendar Grey December 4, 2009
Dist Fedora Esm H88
Addressing multiple issues in Wireshark for Fedora 10. Refer to the update documentation and advisory links for comprehensive insights.
Rebased to 1.2.x, fixing several security flaws, see the security advisory for details: https://www.wireshark.org/security/wnpa-sec-2009-04.html

Summary

Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering

library, contains command-line utilities, contains plugins and

documentation for wireshark. A graphical user interface is packaged

separately to GTK+ package.

Update Information:

Rebased to 1.2.x, fixing several security flaws, see the security advisory for details: https://www.wireshark.org/security/wnpa-sec-2009-04.html

Topics%20covered

Topics Covered

security advisory Fedora DoS network analyzer security flaw Wireshark

Change Log

* Wed Jul 22 2009 Radek Vokal 1.2.1-1 - upgrade to 1.2.1 - fixes several security flaws - https://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html * Fri May 22 2009 Radek Vokal 1.0.8-1 - upgrade to 1.0.8 - several security vulnerabilities have been fixed - CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 * Fri Apr 10 2009 Radek Vokal 1.0.7-1 - upgrade to 1.0.7 - Several security vulnerabilities have been fixed (Profinet, CPHAP and LDAP dissectors could crash) * Tue Feb 17 2009 Radek Vokal 1.0.6-1 - add netdump2 support - fix SELinux issues, remove pie patch - upgrade to 1.0.6 * Sun Feb 15 2009 Steve Dickson - 1.0.5-2 - NFSv4.1: Add support for backchannel decoding * Mon Dec 15 2008 Radek Vokal 1.0.5-1 - upgrade to 1.0.5 * Thu Nov 13 2008 Radek Vokál 1.0.4-1 - upgrade to 1.0.4 - varios minor security flaws were fixed

References


[ 1 ] Bug #512953 - CVE-2009-2559 Wireshark-1.2.0: DoS (crash) due array index error in IPMI dissector https://bugzilla.redhat.com/show_bug.cgi?id=512953 [ 2 ] Bug #513008 - CVE-2009-2560 Wireshark: Null-ptr dereference in the RADIUS dissector https://bugzilla.redhat.com/show_bug.cgi?id=513008 [ 3 ] Bug #513033 - CVE-2009-2561 Wireshark: Dos (excessive CPU and memory use) via large amount of tree items in the sFlow dissector https://bugzilla.redhat.com/show_bug.cgi?id=513033 [ 4 ] Bug #512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector https://bugzilla.redhat.com/show_bug.cgi?id=512987 [ 5 ] Bug #512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector https://bugzilla.redhat.com/show_bug.cgi?id=512992

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update wireshark' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: wireshark
Product: Fedora 10
Version: 1.2.1
Release: 1.fc10
URL: https://www.wireshark.org/
Summary: Network traffic analyzer

Topics%20covered

Topics Covered

security advisory Fedora DoS network analyzer security flaw Wireshark

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here