It was reported that Wireshark's WCCP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This is reported to affect Wireshark versions 1.12.0 to 1.12.2, and 1.10.0 to 1.10.11. It is fixed in versions 1.12.3 and 1.10.12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10720 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10806 External References: https://www.wireshark.org/security/wnpa-sec-2015-01.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1180168]
Upstream Patch ============== CVE-2015-0559 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=6812cfb6d64c34293500782e8573ead43233d7b9 CVE-2015-0560 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=7f8e46c6f41194c55909e052664e6f40040fe6ff
Statement: This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, 6, and 7.