wireshark: security update to 1.4.11
This update fixes the following security issues:
- 741187: multiple file parser vulnerabilities
(CVE-2012-0041)
- 741188: RLC dissector buffer overflow (CVE-2012-0043)
- 741190: NULL pointer vulnerabilities (CVE-2012-0042)
- CVE-2012-0066: DoS due to too large buffer alloc request
- CVE-2012-0067: DoS due to integer underflow and too large
buffer alloc. request
- CVE-2012-0068: memory corruption due to buffer underflow
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5742
Fixed bugs
bnc#741187
VUL-1: CVE-2012-0041: wireshark: multiple file parser vulnerabilities
bnc#741188
VUL-0: CVE-2012-0043: wireshark: RLC dissector buffer overflow
bnc#741190
VUL-1: CVE-2012-0042: wireshark: NULL pointer vulnerabilities
CVE#CVE-2012-0041
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
CVE#CVE-2012-0043
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute ar
CVE#CVE-2012-0042
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to
CVE#CVE-2012-0066
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
CVE#CVE-2012-0067
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
CVE#CVE-2012-0068
The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small.
