- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Wireshark: Multiple vulnerabilities Date: October 09, 2011 Bugs: #323859, #330479, #339401, #346191, #350551, #354197, #357237, #363895, #369683, #373961, #381551, #383823, #386179 ID: 201110-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Wireshark allow for the remote execution of arbitrary code, or a Denial of Service condition. Background ========== Wireshark is a versatile network protocol analyzer. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/wireshark < 1.4.9 >= 1.4.9 Description =========== Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9" References ========== [ 1 ] CVE-2010-2283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2283 [ 2 ] CVE-2010-2284 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2284 [ 3 ] CVE-2010-2285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2285 [ 4 ] CVE-2010-2286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2286 [ 5 ] CVE-2010-2287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2287 [ 6 ] CVE-2010-2992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2992 [ 7 ] CVE-2010-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2993 [ 8 ] CVE-2010-2994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2994 [ 9 ] CVE-2010-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2995 [ 10 ] CVE-2010-3133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3133 [ 11 ] CVE-2010-3445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3445 [ 12 ] CVE-2010-4300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300 [ 13 ] CVE-2010-4301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4301 [ 14 ] CVE-2010-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4538 [ 15 ] CVE-2011-0024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0024 [ 16 ] CVE-2011-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0444 [ 17 ] CVE-2011-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0445 [ 18 ] CVE-2011-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0538 [ 19 ] CVE-2011-0713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0713 [ 20 ] CVE-2011-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1138 [ 21 ] CVE-2011-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1139 [ 22 ] CVE-2011-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1140 [ 23 ] CVE-2011-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1141 [ 24 ] CVE-2011-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1142 [ 25 ] CVE-2011-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1143 [ 26 ] CVE-2011-1590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1590 [ 27 ] CVE-2011-1591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1591 [ 28 ] CVE-2011-1592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1592 [ 29 ] CVE-2011-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1956 [ 30 ] CVE-2011-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1957 [ 31 ] CVE-2011-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1958 [ 32 ] CVE-2011-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1959 [ 33 ] CVE-2011-2174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2174 [ 34 ] CVE-2011-2175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2175 [ 35 ] CVE-2011-2597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2597 [ 36 ] CVE-2011-2698 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2698 [ 37 ] CVE-2011-3266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3266 [ 38 ] CVE-2011-3360 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3360 [ 39 ] CVE-2011-3482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3482 [ 40 ] CVE-2011-3483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3483 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@xxxxxxxxxx or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/