Subject: [DSA 2395-1] wireshark security update
Newsgroups: gmane.linux.debian.user.security.announce
Date: 2012-01-27 18:10:35 GMT (15 weeks, 4 days, 21 hours and 29 minutes ago)
------------------------------------------------------------------------- Debian Security Advisory DSA-2395-1 security <at> debian.org http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2012 http://www.debian.org/security/faq ------------------------------------------------------------------------- Package : wireshark Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2011-3483 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code (CVE-2012-0068) This update also addresses several bugs, which can lead to crashes of Wireshark. These are not treated as security issues, but are fixed nonetheless if security updates are scheduled: CVE-2011-3483, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066 and CVE-2012-0067. For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 1.6.5-1. We recommend that you upgrade your wireshark packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce <at> lists.debian.org