Fedora alert FEDORA-2009-7998 (wireshark)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 10 Update: wireshark-1.2.1-1.fc10 | |
| Date: | Fri, 04 Dec 2009 23:39:12 +0000 | |
| Message-ID: | <20091204233912.B44FA10F84E@bastion2.fedora.phx.redhat.com> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7998 2009-07-24 18:57:26 -------------------------------------------------------------------------------- Name : wireshark Product : Fedora 10 Version : 1.2.1 Release : 1.fc10 URL : http://www.wireshark.org/ Summary : Network traffic analyzer Description : Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package. -------------------------------------------------------------------------------- Update Information: Rebased to 1.2.x, fixing several security flaws, see the security advisory for details: http://www.wireshark.org/security/wnpa-sec-2009-04.html -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 22 2009 Radek Vokal <rvokal@redhat.com> 1.2.1-1 - upgrade to 1.2.1 - fixes several security flaws - http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html * Fri May 22 2009 Radek Vokal <rvokal@redhat.com> 1.0.8-1 - upgrade to 1.0.8 - several security vulnerabilities have been fixed - CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 * Fri Apr 10 2009 Radek Vokal <rvokal@redhat.com> 1.0.7-1 - upgrade to 1.0.7 - Several security vulnerabilities have been fixed (Profinet, CPHAP and LDAP dissectors could crash) * Tue Feb 17 2009 Radek Vokal <rvokal@redhat.com> 1.0.6-1 - add netdump2 support - fix SELinux issues, remove pie patch - upgrade to 1.0.6 * Sun Feb 15 2009 Steve Dickson <steved@redhat.com> - 1.0.5-2 - NFSv4.1: Add support for backchannel decoding * Mon Dec 15 2008 Radek Vokal <rvokal@redhat.com> 1.0.5-1 - upgrade to 1.0.5 * Thu Nov 13 2008 Radek Vokál <rvokal@redhat.com> 1.0.4-1 - upgrade to 1.0.4 - varios minor security flaws were fixed -------------------------------------------------------------------------------- References: [ 1 ] Bug #512953 - CVE-2009-2559 Wireshark-1.2.0: DoS (crash) due array index error in IPMI dissector https://bugzilla.redhat.com/show_bug.cgi?id=512953 [ 2 ] Bug #513008 - CVE-2009-2560 Wireshark: Null-ptr dereference in the RADIUS dissector https://bugzilla.redhat.com/show_bug.cgi?id=513008 [ 3 ] Bug #513033 - CVE-2009-2561 Wireshark: Dos (excessive CPU and memory use) via large amount of tree items in the sFlow dissector https://bugzilla.redhat.com/show_bug.cgi?id=513033 [ 4 ] Bug #512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector https://bugzilla.redhat.com/show_bug.cgi?id=512987 [ 5 ] Bug #512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector https://bugzilla.redhat.com/show_bug.cgi?id=512992 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update wireshark' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...