Wireshark failed to properly check record sizes for many packet capture file formats. It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file.

This is corrected in upstream 1.4.11 and 1.6.5.

This issue was found with the following file formats:

5Views: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40165

i4b: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40166

netmon: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40168

Reference:
http://www.wireshark.org/security/wnpa-sec-2012-01.html
http://thread.gmane.org/gmane.comp.security.oss.general/6656/focus=6755
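The class of check described above, as an added example that is not Wireshark's code or part of this report: a reader that treats the record length field as untrusted and bounds it before copying. The record layout, `MAX_PACKET_SIZE`, and all function names are assumptions made for illustration and do not describe the 5Views, i4b or netmon formats.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical capture format (not 5Views, i4b or netmon): each record is a
 * 4-byte little-endian payload length followed by that many payload bytes. */
#define MAX_PACKET_SIZE 65535u   /* assumed upper bound on one record */
enum rec_status { REC_OK = 0, REC_EOF, REC_SHORT_HEADER, REC_TOO_LARGE, REC_SHORT_PAYLOAD };

/* Reads one record from file[0..file_len) at *off into out[0..out_cap).
 * The length field is untrusted: it is checked against the format maximum,
 * the destination buffer and the bytes left in the file before any copy. */
static enum rec_status read_record(const uint8_t *file, size_t file_len, size_t *off,
                                   uint8_t *out, size_t out_cap, uint32_t *rec_len)
{
    size_t left = file_len - *off;   /* caller keeps *off <= file_len */
    if (left == 0)
        return REC_EOF;
    if (left < 4)
        return REC_SHORT_HEADER;
    const uint8_t *p = file + *off;
    uint32_t len = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                   (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    if (len > MAX_PACKET_SIZE || len > out_cap)
        return REC_TOO_LARGE;        /* reject instead of allocating or copying */
    if (len > left - 4)
        return REC_SHORT_PAYLOAD;    /* header claims more than the file holds */
    memcpy(out, p + 4, len);
    *rec_len = len;
    *off += 4 + (size_t)len;
    return REC_OK;
}

/* Constructed sample: one valid 3-byte record, then a record claiming 0xFFFFFFFF bytes. */
static const uint8_t sample[] = { 3,0,0,0, 'a','b','c', 0xff,0xff,0xff,0xff, 'x' };

/* Counts records accepted before the reader stops; *last gets the final status. */
static int count_valid_records(const uint8_t *file, size_t file_len, enum rec_status *last)
{
    uint8_t buf[MAX_PACKET_SIZE];
    size_t off = 0;
    uint32_t len;
    int n = 0;
    while ((*last = read_record(file, file_len, &off, buf, sizeof buf, &len)) == REC_OK)
        n++;
    return n;
}
```
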
This issue affects the version of wireshark shipped with Fedora 15 and Fedora 16 and has been addressed in the following security advisories:

https://admin.fedoraproject.org/updates/wireshark-1.4.11-1.fc15
https://admin.fedoraproject.org/updates/wireshark-1.6.5-1.fc16
This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html