Wireshark: Multiple vulnerabilities
Multiple vulnerabilities in Wireshark allow for the remote
execution of arbitrary code, or a Denial of Service condition.
wireshark
October 09, 2011
October 09, 2011: 1
323859
330479
339401
346191
350551
354197
357237
363895
369683
373961
381551
383823
386179
local, remote
1.4.9
1.4.9
Wireshark is a versatile network protocol analyzer.
Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.
A remote attacker could send specially crafted packets on a network
being monitored by Wireshark, entice a user to open a malformed packet
trace file using Wireshark, or deploy a specially crafted Lua script for
use by Wireshark, possibly resulting in the execution of arbitrary code,
or a Denial of Service condition.
There is no known workaround at this time.
All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9"
CVE-2010-2283
CVE-2010-2284
CVE-2010-2285
CVE-2010-2286
CVE-2010-2287
CVE-2010-2992
CVE-2010-2993
CVE-2010-2994
CVE-2010-2995
CVE-2010-3133
CVE-2010-3445
CVE-2010-4300
CVE-2010-4301
CVE-2010-4538
CVE-2011-0024
CVE-2011-0444
CVE-2011-0445
CVE-2011-0538
CVE-2011-0713
CVE-2011-1138
CVE-2011-1139
CVE-2011-1140
CVE-2011-1141
CVE-2011-1142
CVE-2011-1143
CVE-2011-1590
CVE-2011-1591
CVE-2011-1592
CVE-2011-1956
CVE-2011-1957
CVE-2011-1958
CVE-2011-1959
CVE-2011-2174
CVE-2011-2175
CVE-2011-2597
CVE-2011-2698
CVE-2011-3266
CVE-2011-3360
CVE-2011-3482
CVE-2011-3483
underling
a3li