Synopsis: Moderate: wireshark security update
Issue Date: 2011-01-10
CVE Numbers: CVE-2010-4538
—
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
An array index error, leading to a stack-based buffer overflow, was found
in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2010-4538)
Users of Wireshark should upgrade to these updated packages, which contain
a backported patch to correct this issue. All running instances of
Wireshark must be restarted for the update to take effect.
—
SL4
x86_64
wireshark-1.0.15-1.el4_8.3.x86_64.rpm
wireshark-gnome-1.0.15-1.el4_8.3.x86_64.rpm
i386
wireshark-1.0.15-1.el4_8.3.i386.rpm
wireshark-gnome-1.0.15-1.el4_8.3.i386.rpm
SL5
x86_64
wireshark-1.0.15-1.el5_5.3.x86_64.rpm
wireshark-gnome-1.0.15-1.el5_5.3.x86_64.rpm
i386
wireshark-1.0.15-1.el5_5.3.i386.rpm
wireshark-gnome-1.0.15-1.el5_5.3.i386.rpm
SL6
x86_64
wireshark-1.2.13-1.el6_0.2.i686.rpm
wireshark-1.2.13-1.el6_0.2.x86_64.rpm
wireshark-devel-1.2.13-1.el6_0.2.i686.rpm
wireshark-devel-1.2.13-1.el6_0.2.x86_64.rpm
wireshark-gnome-1.2.13-1.el6_0.2.x86_64.rpm
i386
wireshark-1.2.13-1.el6_0.2.i686.rpm
wireshark-devel-1.2.13-1.el6_0.2.i686.rpm
wireshark-gnome-1.2.13-1.el6_0.2.i686.rpm
– Scientific Linux Development Team
