Wireshark 1.0.2 fixes multiple vulnerabilities
Bug #245774 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Wireshark |
Fix Released
|
Unknown
|
|||
wireshark (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: wireshark
Wireshark 1.0.1 fixes multiple security issues in the previous releases.
* The GSM SMS dissector could crash
* The PANA and KISMET dissectors could force Wireshark to quit unexpectedly
* The RTMPT dissector could crash
* The RMI dissector could disclose system memory
* The syslog dissector could crash
See the upstream advisory wnpa-sec-2008-03 at <http://
Please see the update in the comments.
Changed in wireshark: | |
status: | New → Confirmed |
Changed in wireshark: | |
status: | Unknown → Fix Released |
Changed in wireshark: | |
status: | Triaged → Fix Released |
To post a comment you must log in.
Here are the CVE numbers for the vulnerabilities fixed in Wireshark 1.0.1:
CVE-2008-3137 (GSM SMS dissector)
CVE-2008-3138 (PANA and KISMET dissectors)
CVE-2008-3139 (RTMPT dissector)
CVE-2008-3141 (RMI dissector)
CVE-2008-3140 (syslog dissector)
Wireshark 1.0.2 fixes another vulnerability: nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 3145 www.wireshark. org/security/ wnpa-sec- 2008-04. html /bugs.wireshark .org/bugzilla/ show_bug. cgi?id= 2470
http://
http://
https:/