MDVSA-2011:083 -- Mandriva wiresharkID: oval:org.secpod.oval:def:301011 | Date: (C)2012-01-07 (M)2023-02-20 |
Class: PATCH | Family: unix |
This advisory updates wireshark to the latest version , fixing several security issues: The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service via a crafted .pcap file . Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file . The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service via a crafted .pcap file . The updated packages have been upgraded to the latest 1.2.x version which is not vulnerable to these issues.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |