MDVSA-2011:044 -- Mandriva wireshark
ID: oval:org.secpod.oval:def:300424 | Date: (C)2012-01-07 (M)2023-12-26 |
Class: PATCH | Family: unix |
This advisory updates wireshark to the latest version, fixing several security issues:

Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed file.

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.

wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service via a pcap-ng file that contains a large packet-length field.

Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service via a crafted SMB or Connection-less LDAP packet.

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service via a long LDAP filter string or an LDAP filter string containing many elements.

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service via vectors involving self-referential ASN.1 CHOICE values.

The updated packages have been upgraded to the latest 1.2.x version and patched to correct these issues.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |