SciLinux: CVE-2009-2560 Moderate: wireshark SL3.x, SL4.x,
Summary
An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-4377)

Several buffer overflow flaws were found in the Wireshark LWRES dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-0304)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829)

All running instances of Wireshark must be restarted for the update to take effect.

Note: libsmi was added to SL4 and SL5 because it was a new dependency for wireshark and older versions of SL4 and SL5 did not have libsmi.

SL 3.0.x

SRPMS:
wireshark-1.0.11-EL3.6.src.rpm

i386:
wireshark-1.0.11-EL3.6.i386.rpm
wireshark-gnome-1.0.11-EL3.6.i386.rpm

x86_64:
wireshark-1.0.11-EL3.6.x86_64.rpm
wireshark-gnome-1.0.11-EL3.6.x86_64.rpm