Date: Mon, 18 Apr 2011 16:23:30 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: Wireshark 1.2.16 / 1.4.5 ----- Original Message ----- > Hi, > > I noticed that new wireshark versions 1.2.16/1.4.5 were released on > 14th/15th April 2011 and some of issues fixed appear to have security > impact > > 1. Use of un-initialised variables: > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793 > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754 > Patch: > http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision > Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4 Please use CVE-2011-1590 > > 2. Buffer overflow in DECT dissector > The advisory does not list the bug number or the relevant patch. Please use CVE-2011-1591 > > 3. Crash in NFS dissector > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209 > Versions affected: 1.4.0 to 1.4.4. > This affects Windows only. > > http://www.wireshark.org/security/wnpa-sec-2011-05.html > http://www.wireshark.org/security/wnpa-sec-2011-06.html > Please use CVE-2011-1592 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ