Wireshark: Multiple vulnerabilities — GLSA 201006-05

Multiple vulnerabilities were found in Wireshark.

Affected packages

Package	net-analyzer/wireshark on all architectures
Affected versions	< 1.2.8-r1
Unaffected versions	>= 1.2.8-r1

Background

Wireshark is a versatile network protocol analyzer.

Description

Multiple vulnerabilities were found in the Daintree SNA file parser, the SMB, SMB2, IPMI, and DOCSIS dissectors. For further information please consult the CVE entries referenced below.

Impact

A remote attacker could cause a Denial of Service and possibly execute arbitrary code via crafted packets or malformed packet trace files.

Workaround

There is no known workaround at this time.

Resolution

All Wireshark users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.2.8-r1"

References

CVE-2009-4376
CVE-2009-4377
CVE-2009-4378
CVE-2010-1455

Release date
June 01, 2010

Latest revision
June 01, 2010: 01

Severity
normal

Exploitable
remote

Bugzilla entries

297388
318935