Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2287 to the following vulnerability:

Name: CVE-2010-2287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287
Assigned: 20100614
Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html
Reference: MANDRIVA:MDVSA-2010:113
Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113
Reference: SECUNIA:40112
Reference: URL: http://secunia.com/advisories/40112
Reference: VUPEN:ADV-2010-1418
Reference: URL: http://www.vupen.com/english/advisories/2010/1418

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

Upstream commits:
trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33087
trunk: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33090
trunk-1.2: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33134
trunk-1.0: http://anonsvn.wireshark.org/viewvc?view=rev&revision=33149
Created wireshark tracking bugs for this issue

Affects: fedora-all [bug 549580]
Upstream bug report: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4837
Additional SigComp UDVM buffer overruns were discovered, so they were not all addressed in upstream 1.0.14. These have been corrected in 1.0.15 and upstream incorrectly noted them with the same CVE name. An additional CVE name has been assigned for these additional SigComp buffer overruns (CVE-2010-2995), corrected in: http://www.wireshark.org/security/wnpa-sec-2010-07.html
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0625 https://rhn.redhat.com/errata/RHSA-2010-0625.html