Wireshark: Multiple vulnerabilities — GLSA 201110-02

Multiple vulnerabilities in Wireshark allow for the remote execution of arbitrary code, or a Denial of Service condition.

Affected packages

net-analyzer/wireshark on all architectures
Affected versions < 1.4.9
Unaffected versions >= 1.4.9

Background

Wireshark is a versatile network protocol analyzer.

Description

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Wireshark users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.4.9"
 

References

Release date
October 09, 2011

Latest revision
October 09, 2011: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries