
Pardus alert 2011-21 (wireshark)

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-21            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-01-31
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in wireshark. 


Description
===========

CVE-2011-0444: 

Buffer overflow in the MAC-LTE dissector
(epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and
1.4.0 through 1.4.2 allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a large number of RARs.



CVE-2011-0445: 

The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote
attackers to cause a denial of service (assertion failure) via crafted
packets, as demonstrated by fuzz-2010-12-30-28473.pcap.



CVE-2010-4538: 

There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and
potential code execution. 


Affected packages:

  Pardus 2009:
    wireshark, all before 1.4.3-39-16


Resolution
==========

There are update(s) for wireshark. You can update them via Package
Manager or with a single command from console:

    pisi up wireshark

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=16221
  * http://bugs.pardus.org.tr/show_bug.cgi?id=16000
  * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5539
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0444
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0445

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

