oss-sec mailing list archives
Re: Wireshark 1.2.16 / 1.4.5
From: Josh Bressers <bressers () redhat com>
Date: Mon, 18 Apr 2011 16:23:30 -0400 (EDT)
----- Original Message -----
Hi, I noticed that new wireshark versions 1.2.16/1.4.5 were released on 14th/15th April 2011 and some of issues fixed appear to have security impact 1. Use of un-initialised variables: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754 Patch: http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4
Please use CVE-2011-1590
2. Buffer overflow in DECT dissector The advisory does not list the bug number or the relevant patch.
Please use CVE-2011-1591
3. Crash in NFS dissector https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209 Versions affected: 1.4.0 to 1.4.4. This affects Windows only. http://www.wireshark.org/security/wnpa-sec-2011-05.html http://www.wireshark.org/security/wnpa-sec-2011-06.html
Please use CVE-2011-1592 Thanks. -- JB
Current thread:
- Wireshark 1.2.16 / 1.4.5 Huzaifa Sidhpurwala (Apr 18)
- Re: Wireshark 1.2.16 / 1.4.5 Josh Bressers (Apr 18)