Fedora Account System
Red Hat Associate
Red Hat Customer
Wireshark failed to properly check record sizes for many packet capture file formats. It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file. This is corrected in upstream 1.4.11 and 1.6.5. This issue was found with the following file formats: 5Views: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666 Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40165 i4b: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667 Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40166 netmon: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669 Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40168 Reference: http://www.wireshark.org/security/wnpa-sec-2012-01.html http://thread.gmane.org/gmane.comp.security.oss.general/6656/focus=6755
This issue affects the version of wireshark shipped with Fedora 15 and Fedora 16 and has been addressed in the following security advisories: https://admin.fedoraproject.org/updates/wireshark-1.4.11-1.fc15 https://admin.fedoraproject.org/updates/wireshark-1.6.5-1.fc16
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html
Statement: (none)