
Scientific Linux: Moderate Advisory for Wireshark Security Issues

Moderate: wireshark security, bug fix, and
Date: Wed, 16 Jan 2013 16:10:20 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Moderate: wireshark on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: wireshark security, bug fix, and
enhancement update
Issue Date: 2013-01-08
CVE Numbers: CVE-2011-1959
 CVE-2011-2175
 CVE-2011-1958
 CVE-2011-2698
 CVE-2011-4102
 CVE-2012-0041
 CVE-2012-0042
 CVE-2012-0066
 CVE-2012-0067
 CVE-2012-4285
 CVE-2012-4289
 CVE-2012-4291
 CVE-2012-4290
--

A heap-based buffer overflow flaw was found in the way Wireshark handled
Endace ERF (Extensible Record Format) capture files. If Wireshark opened a
specially-crafted ERF capture file, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2011-4102)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,
CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,
CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)

This update also fixes the following bugs:

* When Wireshark starts with the X11 protocol being tunneled through an SSH
connection, it automatically prepares its capture filter to omit the SSH
packets. If the SSH connection was to a link-local IPv6 address including an
interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this
address erroneously, constructed an incorrect capture filter and refused to
capture packets. The "Invalid capture filter" message was displayed. With
this update, parsing of link-local IPv6 addresses is fixed and Wireshark
correctly prepares a capture filter to omit SSH packets over a link-local
IPv6 connection.

* Previously, Wireshark's column editing dialog malformed column names when
they were selected. With this update, the dialog is fixed and no longer
breaks column names.

* Previously, TShark, the console packet analyzer, did not properly analyze
the exit code of Dumpcap, Wireshark's packet capturing back end. As a result,
TShark returned exit code 0 when Dumpcap failed to parse its command-line
arguments. In this update, TShark correctly propagates the Dumpcap exit code
and returns a non-zero exit code when Dumpcap fails.

* Previously, the TShark "-s" (snapshot length) option worked only for a
value greater than 68 bytes. If a lower value was specified, TShark captured
just 68 bytes of incoming packets. With this update, the "-s" option is
fixed and sizes lower than 68 bytes work as expected.

This update also adds the following enhancement:

* In this update, support for the "NetDump" protocol was added.

All running instances of Wireshark must be restarted for the update to take
effect.
--

SL5
 x86_64
 wireshark-1.0.15-5.el5.x86_64.rpm
 wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm
 wireshark-gnome-1.0.15-5.el5.x86_64.rpm
 i386
 wireshark-1.0.15-5.el5.i386.rpm
 wireshark-debuginfo-1.0.15-5.el5.i386.rpm
 wireshark-gnome-1.0.15-5.el5.i386.rpm

- Scientific Linux Development Team
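
To confirm that a host carries the fixed builds listed above, the following added example (not part of the advisory or of any Scientific Linux tooling) compares installed version-release strings against 1.0.15-5.el5 with a simplified form of RPM's version comparison. The sample query output and the function names are constructed for illustration; epoch, "~" and "^" handling are left out.

```python
import re

# Fixed SL5 build from this advisory, as version-release (same for all three).
FIXED = {name: "1.0.15-5.el5"
         for name in ("wireshark", "wireshark-debuginfo", "wireshark-gnome")}

def rpm_label_cmp(a, b):
    """Simplified rpmvercmp for one label (no '~' or '^'): -1, 0 or 1."""
    # RPM compares maximal runs of digits or letters; separators are skipped.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # Shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpm_label_cmp(va, vb) or rpm_label_cmp(ra, rb)

def audit(query_output):
    """Return (name, arch, installed) for builds older than the fixed one."""
    stale = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue                          # e.g. "package X is not installed"
        name, vr, arch = parts
        if vr_cmp(vr, FIXED[name]) < 0:
            stale.append((name, arch, vr))
    return stale

# Constructed sample of the output of:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' \
#       wireshark wireshark-gnome wireshark-debuginfo
SAMPLE = """\
wireshark 1.0.15-1.el5_6.4 x86_64
wireshark-gnome 1.0.15-5.el5 x86_64
wireshark-debuginfo 1.0.15-5.el5.1 i386
"""

if __name__ == "__main__":
    for name, arch, vr in audit(SAMPLE):
        print(f"{name}.{arch}: {vr} is older than {FIXED[name]}")
```

A host that passes this check still needs its running Wireshark instances restarted, as the advisory states.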