An integer overflow flaw leading to denial of service (application crash) was found in the way wireshark parsed files in the IPTrace capture format. It may be possible to make Wireshark crash by convincing someone to read a malformed IPTrace packet capture file. This is corrected in upstream 1.4.11 and 1.6.5. Reference: http://www.wireshark.org/security/wnpa-sec-2012-01.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 Patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167
This issue affects the version of wireshark shipped with Fedora 15 and Fedora 16 and has been addressed in the following security advisories: https://admin.fedoraproject.org/updates/wireshark-1.4.11-1.fc15 https://admin.fedoraproject.org/updates/wireshark-1.6.5-1.fc16
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0509 https://rhn.redhat.com/errata/RHSA-2012-0509.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0125 https://rhn.redhat.com/errata/RHSA-2013-0125.html
Statement: (none)