Lucene search

K
centosCentOS ProjectCESA-2011:0013
HistoryJan 27, 2011 - 9:21 a.m.

wireshark security update

2011-01-2709:21:19
CentOS Project
lists.centos.org
46

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.917 High

EPSS

Percentile

98.9%

CentOS Errata and Security Advisory CESA-2011:0013

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

An array index error, leading to a stack-based buffer overflow, was found
in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2010-4538)

Users of Wireshark should upgrade to these updated packages, which contain
a backported patch to correct this issue. All running instances of
Wireshark must be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-January/079403.html
https://lists.centos.org/pipermail/centos-announce/2011-January/079404.html

Affected packages:
wireshark
wireshark-gnome

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0013

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.917 High

EPSS

Percentile

98.9%

Related for CESA-2011:0013