Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 18 Apr 2011 16:23:30 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: Wireshark 1.2.16 / 1.4.5

----- Original Message -----
> Hi,
> 
> I noticed that new wireshark versions 1.2.16/1.4.5 were released on
> 14th/15th April 2011 and some of issues fixed appear to have security
> impact
> 
> 1. Use of un-initialised variables:
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754
> Patch:
> http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision
> Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4

Please use CVE-2011-1590

> 
> 2. Buffer overflow in DECT dissector
> The advisory does not list the bug number or the relevant patch.

Please use CVE-2011-1591

> 
> 3. Crash in NFS dissector
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209
> Versions affected: 1.4.0 to 1.4.4.
> This affects Windows only.
> 
> http://www.wireshark.org/security/wnpa-sec-2011-05.html
> http://www.wireshark.org/security/wnpa-sec-2011-06.html
> 

Please use CVE-2011-1592

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ