Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: wireshark on SL5.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Wednesday 16th January 2013 22:10:20 UTC (over 3 years ago)
Synopsis:          Moderate: wireshark security, bug fix, and 
enhancement update
Issue Date:        2013-01-08
CVE Numbers:       CVE-2011-1959
                    CVE-2011-2175
                    CVE-2011-1958
                    CVE-2011-2698
                    CVE-2011-4102
                    CVE-2012-0041
                    CVE-2012-0042
                    CVE-2012-0066
                    CVE-2012-0067
                    CVE-2012-4285
                    CVE-2012-4289
                    CVE-2012-4291
                    CVE-2012-4290
--

A heap-based buffer overflow flaw was found in the way Wireshark handled 
Endace
ERF (Extensible Record Format) capture files. If Wireshark opened a 
specially-
crafted ERF capture file, it could crash or, possibly, execute arbitrary 
code
as the user running Wireshark. (CVE-2011-4102)

Several denial of service flaws were found in Wireshark. Wireshark could 
crash
or stop responding if it read a malformed packet off a network, or opened a
malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,
CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,
CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)

This update also fixes the following bugs:

* When Wireshark starts with the X11 protocol being tunneled through an SSH
connection, it automatically prepares its capture filter to omit the SSH
packets. If the SSH connection was to a link-local IPv6 address including
an
interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this
address erroneously, constructed an incorrect capture filter and refused to
capture packets. The "Invalid capture filter" message was displayed. 
With this
update, parsing of link-local IPv6 addresses is fixed and Wireshark 
correctly
prepares a capture filter to omit SSH packets over a link-local IPv6
connection.

* Previously, Wireshark's column editing dialog malformed column names when
they were selected. With this update, the dialog is fixed and no longer 
breaks
column names.

* Previously, TShark, the console packet analyzer, did not properly 
analyze the
exit code of Dumpcap, Wireshark's packet capturing back end. As a result,
TShark returned exit code 0 when Dumpcap failed to parse its command-line
arguments. In this update, TShark correctly propagates the Dumpcap exit
code
and returns a non-zero exit code when Dumpcap fails.

* Previously, the TShark "-s" (snapshot length) option worked only for a 
value
greater than 68 bytes. If a lower value was specified, TShark captured 
just 68
bytes of incoming packets. With this update, the "-s" option is fixed 
and sizes
lower than 68 bytes work as expected.

This update also adds the following enhancement:

* In this update, support for the "NetDump" protocol was added.

All running instances of Wireshark must be restarted for the update to take
effect.
--

SL5
   x86_64
     wireshark-1.0.15-5.el5.x86_64.rpm
     wireshark-debuginfo-1.0.15-5.el5.x86_64.rpm
     wireshark-gnome-1.0.15-5.el5.x86_64.rpm
   i386
     wireshark-1.0.15-5.el5.i386.rpm
     wireshark-debuginfo-1.0.15-5.el5.i386.rpm
     wireshark-gnome-1.0.15-5.el5.i386.rpm

- Scientific Linux Development Team
 
CD: 3ms