
[gentoo-announce] [ GLSA 201110-02 ] Wireshark: Multiple vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201110-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Wireshark: Multiple vulnerabilities

Date: October 09, 2011

Bugs: #323859, #330479, #339401, #346191, #350551, #354197,
      #357237, #363895, #369683, #373961, #381551, #383823, #386179

ID: 201110-02

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities in Wireshark allow for the remote execution of

arbitrary code, or a Denial of Service condition.

 

Background

==========

 

Wireshark is a versatile network protocol analyzer.

 

Affected packages

=================

 

-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.4.9                    >= 1.4.9

 

Description

===========

 

Multiple vulnerabilities have been discovered in Wireshark. Please

review the CVE identifiers referenced below for details.

 

Impact

======

 

A remote attacker could send specially crafted packets on a network

being monitored by Wireshark, entice a user to open a malformed packet

trace file using Wireshark, or deploy a specially crafted Lua script

for use by Wireshark, possibly resulting in the execution of arbitrary

code, or a Denial of Service condition.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Wireshark users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9"

 

References

==========

 

[ 1 ] CVE-2010-2283

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2283

[ 2 ] CVE-2010-2284

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284

[ 3 ] CVE-2010-2285

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285

[ 4 ] CVE-2010-2286

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286

[ 5 ] CVE-2010-2287

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287

[ 6 ] CVE-2010-2992

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2992

[ 7 ] CVE-2010-2993

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2993

[ 8 ] CVE-2010-2994

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2994

[ 9 ] CVE-2010-2995

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2995

[ 10 ] CVE-2010-3133

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133

[ 11 ] CVE-2010-3445

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3445

[ 12 ] CVE-2010-4300

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300

[ 13 ] CVE-2010-4301

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4301

[ 14 ] CVE-2010-4538

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4538

[ 15 ] CVE-2011-0024

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024

[ 16 ] CVE-2011-0444

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0444

[ 17 ] CVE-2011-0445

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0445

[ 18 ] CVE-2011-0538

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0538

[ 19 ] CVE-2011-0713

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0713

[ 20 ] CVE-2011-1138

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1138

[ 21 ] CVE-2011-1139

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1139

[ 22 ] CVE-2011-1140

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1140

[ 23 ] CVE-2011-1141

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1141

[ 24 ] CVE-2011-1142

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1142

[ 25 ] CVE-2011-1143

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1143

[ 26 ] CVE-2011-1590

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1590

[ 27 ] CVE-2011-1591

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1591

[ 28 ] CVE-2011-1592

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1592

[ 29 ] CVE-2011-1956

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1956

[ 30 ] CVE-2011-1957

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957

[ 31 ] CVE-2011-1958

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958

[ 32 ] CVE-2011-1959

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959

[ 33 ] CVE-2011-2174

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174

[ 34 ] CVE-2011-2175

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175

[ 35 ] CVE-2011-2597

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597

[ 36 ] CVE-2011-2698

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2698

[ 37 ] CVE-2011-3266

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3266

[ 38 ] CVE-2011-3360

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3360

[ 39 ] CVE-2011-3482

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3482

[ 40 ] CVE-2011-3483

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3483

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-201110-02.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users' machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

 

License

=======

 

Copyright 2011 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5

 

 
