Wireshark 0.99.4 will be fixing several security issues:

CVE-2006-5468
> * NULL pointer dereference
> The HTTP dissector could dereference a null pointer.
> Fixed in r19022, r19153
> Bug IDs: 1050, 1079
> Versions affected: 0.99.3.

CVE-2006-5469
> The WBXML dissector could crash.
> Fixed in r19560
> Bug IDs: 1134
> Versions affected: 0.10.11 to 0.99.3.

CVE-2006-5470
> * OOB memory read
> The LDAP dissector (and possibly others) could crash.
> Fixed in r19154
> Bug IDs: 1079
> Versions affected: 0.99.3.

CVE-2006-4805
> * Basic DoS (it crashes, that's it)
> The XOT dissector could attempt to allocate a large amount of
> memory and crash.
> Fixed in r19365
> Bug IDs: 1133
> Versions affected: 0.9.8 to 0.99.3.

CVE-2006-4574
> * Single byte \0 overflow written onto the heap
> The MIME Multipart dissector was susceptible to an off-by-one error.
> Fixed in r19566
> Bug IDs: 1135
> Versions affected: 0.10.1 to 0.99.3.
These issues also affect RHEL2.1 and RHEL3
Release is planned for Monday Oct 30.
Due to a typo, CVE-2006-5470 is now CVE-2006-5740.
Lifting embargo
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0726.html