Overview Repositories Revisions Requests Users Attributes Meta
wireshark 1.6.2 security update fixing multiple issues

This update of wireshark fixes the following
vulnerabilities:

- CVE-2011-3266: Wireshark IKE dissector vulnerability
- CVE-2011-3360: Wireshark Lua script execution
vulnerability
- CVE-2011-3483: Wireshark buffer exception handling
vulnerability
- CVE-2011-2597: Lucent/Ascend file parser susceptible to
infinite loop
- CVE-2011-2698: ANSI MAP dissector susceptible to infinite
loop
- CVE-2011-1957: Large/infinite loop in the DICOM dissector
- CVE-2011-1959: A corrupted snoop file could crash
Wireshark
- CVE-2011-2174: Malformed compressed capture data could
crash Wireshark
- CVE-2011-2175: A corrupted Visual Networks file could
crash Wireshark
- CVE-2011-1958: dereferene a NULL pointer if we had a
corrupted Diameter dictionary

Fixed bugs
bnc#718032
VUL-0: wireshark 1.6.2 security update
bnc#697516
VUL-1: wireshark: version 1.2.17 fixes multiple vulnerabilities
bnc#706728
VUL-1: wireshark: new updates fix two DoS issues
CVE#CVE-2011-3266
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE
CVE#CVE-2011-3360
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
CVE#CVE-2011-3483
Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
CVE#CVE-2011-2597
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
CVE#CVE-2011-2698
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packe
CVE#CVE-2011-1957
The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
CVE#CVE-2011-1959
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length va
CVE#CVE-2011-2174
Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib comp
CVE#CVE-2011-2175
Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-ba
CVE#CVE-2011-1958
Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.
Selected Binaries
openSUSE Build Service is sponsored by
Places