Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 1 Jun 2011 16:23:23 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple
 DoS issues

----- Original Message -----
> I didn't see any CVE's in the Wireshark Bug tracking/advisory nor could I
> find these in the Red Hat Bugzilla (but I'm guessing as a CNA they have
> CVE #'s assigned?)
> 
> Wireshark 1.2.17 fixes the following vulnerabilities:
> 
> Large/infinite loop in the DICOM dissector. (Bug 5876)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1957

> 
> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted Diameter dictionary file could crash Wireshark.
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1958

> 
> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted snoop file could crash Wireshark. (Bug 5912)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-1959

> 
> David Maciejak of Fortinet's FortiGuard Labs discovered that malformed
> compressed capture data could crash Wireshark. (Bug 5908)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2174

> 
> Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered
> that a corrupted Visual Networks file could crash Wireshark. (Bug
> 5934)
> Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
CVE-2011-2175

> 
> 
> http://www.wireshark.org/security/wnpa-sec-2011-07.html
> http://www.wireshark.org/security/wnpa-sec-2011-08.html
> 

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.