Scientific Linux 6.x: CVE-2010-3445 Moderate: Wireshark Security Update

Date: Thu, 3 Mar 2011 16:28:58 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: wireshark on SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: wireshark security update
Issue date:	2010-11-30
CVE Names:	CVE-2010-3445 CVE-2010-4300

A heap-based buffer overflow flaw was found in the Wireshark Local
Download Sharing Service (LDSS) dissector. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2010-4300)

A denial of service flaw was found in Wireshark. Wireshark could crash
or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2010-3445)

All running instances of Wireshark must be restarted for the update to
take effect.

SL 6.x

 SRPMS:
wireshark-1.2.13-1.el6_0.1.src.rpm
 i386:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-gnome-1.2.13-1.el6_0.1.i686.rpm
 x86_64:
wireshark-1.2.13-1.el6_0.1.i686.rpm
wireshark-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-devel-1.2.13-1.el6_0.1.i686.rpm
wireshark-devel-1.2.13-1.el6_0.1.x86_64.rpm
wireshark-gnome-1.2.13-1.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson