| |||||||||||||||||||
Pardus alert 2011-77 (wireshark)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-77 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-05-26 Severity: 4 Type: Remote ------------------------------------------------------------------------ Summary ======= Multible vulnerabilities have been fixed in wireshark, which allow attackers to cause a denial of service or to execute arbitrary code. Description =========== CVE-2011-1590: The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVE-2011-1591: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. Affected packages: Pardus 2009: wireshark, all before 1.4.4-43-20 Pardus 2011: wireshark, all before 1.4.6-44-p11 Resolution ========== There are update(s) for wireshark. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up wireshark Pardus 2011: pisi up wireshark References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17829 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||