X.509 vulnerability in Wireshark version 1.2.0 to 1.2.15
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wireshark (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: wireshark
http://
wnpa-sec-2011-05 ``It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.''
I really despise playing down vulnerabilities like this to "merely a DOS". The possibility that someone could subvert this to execute arbitrary code can't just be hand-waved away.
Wireshark 1.2.16 fixes this vulnerability.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: wireshark 1.2.7-1
ProcVersionSign
Uname: Linux 2.6.32-30-generic x86_64
Architecture: amd64
Date: Wed Apr 20 11:03:15 2011
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: wireshark
Changed in wireshark (Ubuntu): | |
status: | Confirmed → Fix Released |
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res