Wireshark 1.0.2 fixes multiple vulnerabilities
Bug #245774 reported by
Till Ulen
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Wireshark |
Fix Released
|
Unknown
|
|||
| wireshark (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: wireshark
Wireshark 1.0.1 fixes multiple security issues in the previous releases.
* The GSM SMS dissector could crash
* The PANA and KISMET dissectors could force Wireshark to quit unexpectedly
* The RTMPT dissector could crash
* The RMI dissector could disclose system memory
* The syslog dissector could crash
See the upstream advisory wnpa-sec-2008-03 at <http://
Please see the update in the comments.
| Changed in wireshark: | |
| status: | New → Confirmed |
| Changed in wireshark: | |
| status: | Unknown → Fix Released |
Revision history for this message
| nine (niin-deactivatedaccount-deactivatedaccount) wrote | #2 |
| Changed in wireshark: | |
| importance: | Undecided → Medium |
| status: | Confirmed → Triaged |
| Changed in wireshark: | |
| status: | Triaged → Fix Released |
To post a comment you must log in.
Here are the CVE numbers for the vulnerabilities fixed in Wireshark 1.0.1:
CVE-2008-3137 (GSM SMS dissector)
CVE-2008-3138 (PANA and KISMET dissectors)
CVE-2008-3139 (RTMPT dissector)
CVE-2008-3141 (RMI dissector)
CVE-2008-3140 (syslog dissector)
Wireshark 1.0.2 fixes another vulnerability:
http://
http://
https:/