Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2009:0313
HistoryMar 04, 2009 - 11:33 p.m.

wireshark security update

2009-03-0423:33:43
CentOS Project
lists.centos.org
49

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

CentOS Errata and Security Advisory CESA-2009:0313

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network or opened a malformed dump file, it could
crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2008-4683, CVE-2009-0599)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682,
CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.6, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-April/077962.html
https://lists.centos.org/pipermail/centos-announce/2009-April/077963.html
https://lists.centos.org/pipermail/centos-announce/2009-March/077813.html
https://lists.centos.org/pipermail/centos-announce/2009-March/077814.html
https://lists.centos.org/pipermail/centos-announce/2009-March/077818.html
https://lists.centos.org/pipermail/centos-announce/2009-March/077821.html
https://lists.centos.org/pipermail/centos-announce/2009-March/077823.html
https://lists.centos.org/pipermail/centos-announce/2009-March/077826.html

Affected packages:
wireshark
wireshark-gnome

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0313

Related

nessus 24
openvas 51
redhat 1
oraclelinux 1
altlinux 1
securityvulns 6
gentoo 1
fedora 2
freebsd 2
osv 1
debian 1
ubuntucve 10
debiancve 10
cve 10
prion 10
veracode 9
nessus
nessus
Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2009-0313)
2013-07-12 00:00:00
RHEL 3 / 4 / 5 : wireshark (RHSA-2009:0313)
2009-03-05 00:00:00
CentOS 3 / 4 : wireshark (CESA-2009:0313)
2009-03-05 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:0313
2009-03-07 00:00:00
CentOS Security Advisory CESA-2009:0313 (wireshark)
2009-03-13 00:00:00
CentOS Update for wireshark CESA-2009:0313 centos4 i386
2011-08-09 00:00:00
redhat
redhat
(RHSA-2009:0313) Moderate: wireshark security update
2009-03-04 00:00:00
oraclelinux
oraclelinux
wireshark security update
2009-03-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 1.0.4-alt1
2008-10-24 00:00:00
securityvulns
securityvulns
Wireshark sniffer multiple security vulnerabilities
2008-10-29 00:00:00
[ MDVSA-2008:215 ] wireshark
2008-10-29 00:00:00
[email protected]
2009-03-02 00:00:00
gentoo
gentoo
Wireshark: Multiple vulnerabilities
2009-06-30 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wireshark-1.0.6-1.fc10
2009-03-05 16:35:39
[SECURITY] Fedora 9 Update: wireshark-1.0.6-1.fc9
2009-03-16 19:54:08
freebsd
freebsd
wireshark -- multiple vulnerabilities
2009-02-06 00:00:00
wireshark -- SMTP Processing Denial of Service Vulnerability
2008-11-24 00:00:00
osv
osv
wireshark - several vulnerabilities
2008-11-29 00:00:00
debian
debian
[SECURITY] [DSA 1673-1] New wireshark packages fix several vulnerabilities
2008-11-29 23:07:40
ubuntucve
ubuntucve
CVE-2008-4684
2008-10-22 00:00:00
CVE-2008-4682
2008-10-22 00:00:00
CVE-2008-4683
2008-10-22 00:00:00
debiancve
debiancve
CVE-2008-4680
2008-10-22 18:00:00
CVE-2008-4682
2008-10-22 18:00:00
CVE-2008-4683
2008-10-22 18:00:00
cve
cve
CVE-2008-4685
2008-10-22 18:00:00
CVE-2008-4683
2008-10-22 18:00:00
CVE-2008-4682
2008-10-22 18:00:00
prion
prion
Cross site request forgery (csrf)
2008-10-22 18:00:00
Authentication flaw
2008-10-22 18:00:00
Sql injection
2008-10-22 18:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:29:47
Denial Of Service (DoS)
2020-04-10 00:29:47
Denial Of Service (DoS)
2020-04-10 00:29:48

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON
Related for CESA-2009:0313
nessus24openvas51redhat1oraclelinux1altlinux1securityvulns6gentoo1fedora2freebsd2osv1debian1ubuntucve10debiancve10cve10prion10veracode9