Wireshark recently made an announcement on their website about new version launched, which also included some security fixes: Wireshark 1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html Quoted from their website for CVE-2013-7113: "wnpa-sec-2013-67 The BSSGP dissector could crash. Discovered by Laurent Butti. (Bug 9488: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488) Versions affected: 1.10.0 to 1.10.3 CVE-2013-7113." References: https://bugs.gentoo.org/show_bug.cgi?id=494612
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1044512]
Fix was backported to 1.10.3 already.
(In reply to Peter Lemenkov from comment #2) > Fix was backported to 1.10.3 That's fantastic news but doesn't mean you can close the bug. Please leave it open. This affects more than Fedora (if Fedora is fixed, feel free to note that in the _Fedora_ bug, not this one). Thanks.
External References: http://www.wireshark.org/security/wnpa-sec-2013-67.html
This only affects wireshark 1.10.x, so Red Hat Enterprise Linux 6 is not affected.
Statement: Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803