Gentoo: GLSA-201110-02: Wireshark: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
Resolution
All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9"
References
[ 1 ] CVE-2010-2283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2283 [ 2 ] CVE-2010-2284 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284 [ 3 ] CVE-2010-2285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285 [ 4 ] CVE-2010-2286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286 [ 5 ] CVE-2010-2287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287 [ 6 ] CVE-2010-2992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2992 [ 7 ] CVE-2010-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2993 [ 8 ] CVE-2010-2994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2994 [ 9 ] CVE-2010-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2995 [ 10 ] CVE-2010-3133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133 [ 11 ] CVE-2010-3445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3445 [ 12 ] CVE-2010-4300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300 [ 13 ] CVE-2010-4301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4301 [ 14 ] CVE-2010-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4538 [ 15 ] CVE-2011-0024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024 [ 16 ] CVE-2011-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0444 [ 17 ] CVE-2011-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0445 [ 18 ] CVE-2011-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0538 [ 19 ] CVE-2011-0713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0713 [ 20 ] CVE-2011-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1138 [ 21 ] CVE-2011-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1139 [ 22 ] CVE-2011-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1140 [ 23 ] CVE-2011-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1141 [ 24 ] CVE-2011-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1142 [ 25 ] CVE-2011-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1143 [ 26 ] CVE-2011-1590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1590 [ 27 ] CVE-2011-1591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1591 [ 28 ] CVE-2011-1592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1592 [ 29 ] CVE-2011-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1956 [ 30 ] CVE-2011-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957 [ 31 ] CVE-2011-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958 [ 32 ] CVE-2011-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959 [ 33 ] CVE-2011-2174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174 [ 34 ] CVE-2011-2175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175 [ 35 ] CVE-2011-2597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597 [ 36 ] CVE-2011-2698 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2698 [ 37 ] CVE-2011-3266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3266 [ 38 ] CVE-2011-3360 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3360 [ 39 ] CVE-2011-3482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3482 [ 40 ] CVE-2011-3483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3483
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201110-02
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
![Dist Gentoo](/images/distros/dist-gentoo.png)
Synopsis
Multiple vulnerabilities in Wireshark allow for the remote execution of arbitrary code, or a Denial of Service condition.
Background
Wireshark is a versatile network protocol analyzer.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/wireshark < 1.4.9 >= 1.4.9
Impact
===== A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition.
Workaround
There is no known workaround at this time.