Upstream wireshark versions 1.0.13 and 1.2.8 fix a flaw in the DOCSIS dissector. This dissector used incorrect format string specified when printing certain values (%s was used to print numeric values, causing numeric value to be used as pointer), which could cause wireshark to crash or create garbaged output. Upstream advisories: 1.0.13 http://www.wireshark.org/security/wnpa-sec-2010-03.html 1.2.8 http://www.wireshark.org/security/wnpa-sec-2010-04.html Upstream bug reports: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646 Upstream commits: http://anonsvn.wireshark.org/viewvc?view=rev&revision=32396 http://anonsvn.wireshark.org/viewvc?view=rev&revision=32398 http://anonsvn.wireshark.org/viewvc?view=rev&revision=32400
As the impact of this flaw is limited to application crash, this rated as having low security impact and the issue may get addressed in future wireshark updates in Red Hat Enterprise Linux 3, 4 and 5.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html