oss-sec mailing list archives

Wireshark 1.2.16 / 1.4.5

From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Mon, 18 Apr 2011 15:56:01 +0530

Hi,

I noticed that new wireshark versions 1.2.16/1.4.5 were released on
14th/15th April 2011 and some of issues fixed appear to have security impact

1. Use of un-initialised variables:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754
Patch: http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision
Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4

2. Buffer overflow in DECT dissector
The advisory does not list the bug number or the relevant patch.

3. Crash in NFS dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209
Versions affected: 1.4.0 to 1.4.4.
This affects Windows only.

http://www.wireshark.org/security/wnpa-sec-2011-05.html
http://www.wireshark.org/security/wnpa-sec-2011-06.html


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Current thread:

Wireshark 1.2.16 / 1.4.5 Huzaifa Sidhpurwala (Apr 18)
- Re: Wireshark 1.2.16 / 1.4.5 Josh Bressers (Apr 18)