Description:
The remote host is missing an update to wireshark announced via advisory FEDORA-2006-860.
Wireshark is a network traffic analyzer for Unix-ish operating systems.
This package lays the base for libpcap, a packet capture and filtering library, and contains command-line utilities, plugins and documentation for Wireshark. A graphical user interface is packaged separately in a GTK+ package.
Update Information:
Versions affected: 0.8.16 up to and including 0.99.0

Details

Description

Wireshark 0.99.2 fixes the following vulnerabilities:
* The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627
Ilja van Sprundel discovered the following vulnerabilities:
* The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628
* The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628
* The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628
* The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629
* The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630
* The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631
* The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632

Impact

It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 0.99.2.

* Wed Jul 26 2006 Radek Vokal 0.99.2-fc5.2
- fix BuildRequires
* Tue Jul 25 2006 Radek Vokal 0.99.2-fc5.1
- build for FC5
* Tue Jul 18 2006 Radek Vokál 0.99.2-1
- upgrade to 0.99.2
* Wed Jul 12 2006 Jesse Keating - 0.99.2-0.pre1.1
- rebuild
* Tue Jul 11 2006 Radek Vokál 0.99.2-0.pre1
- upgrade to 0.99.2pre1, fixes (#198242)
* Tue Jun 13 2006 Radek Vokal 0.99.1-0.pre1
- spec file changes
* Fri Jun 9 2006 Radek Vokal 0.99.1pre1-1
- initial build for Fedora Core
Solution: Apply the appropriate updates.
This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2006-860
Risk factor : Critical
CVSS Score: 10.0