CentOS Errata and Security Advisory CESA-2015:2393
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.
Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248)
The CVE-2015-3182 issue was discovered by Martin Žember of Red Hat.
The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676)
This update also fixes the following bug:
In addition, this update adds the following enhancement:
All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
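A post-update check for the two conditions in the paragraph above, added here as an example and not part of the advisory: the installed package is at least upstream 1.10.14, and no instance is still executing the replaced binary. It assumes GNU `sort -V`, a Linux `/proc`, and the binary names `wireshark`, `tshark` and `dumpcap`; it compares only the upstream version because the page does not give the fixed package release.

```shell
#!/bin/sh
# Added example: post-update check for CESA-2015:2393 (not part of the advisory).
FIXED_VERSION="1.10.14"   # upstream version named in the advisory

# version_lt A B: succeeds when version A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# is_stale_wireshark LINK: LINK is the target of /proc/PID/exe. Once an update
# replaces a running binary, the kernel reports the old path with " (deleted)".
is_stale_wireshark() {
    case "$1" in
        *" (deleted)") ;;
        *) return 1 ;;
    esac
    exe=${1%" (deleted)"}
    case "${exe##*/}" in
        wireshark|tshark|dumpcap) return 0 ;;   # assumed binary names
        *) return 1 ;;
    esac
}

# check_host: report an outdated package and any process running old code.
check_host() {
    status=0
    if command -v rpm >/dev/null 2>&1; then
        installed=$(rpm -q --qf '%{VERSION}' wireshark 2>/dev/null) || installed=""
        if [ -n "$installed" ] && version_lt "$installed" "$FIXED_VERSION"; then
            echo "wireshark $installed is older than $FIXED_VERSION: update needed"
            status=1
        fi
    fi
    for link in /proc/[0-9]*/exe; do
        target=$(readlink "$link" 2>/dev/null) || continue
        if is_stale_wireshark "$target"; then
            pid=${link#/proc/}; pid=${pid%/exe}
            echo "PID $pid still runs the pre-update binary: restart it"
            status=1
        fi
    done
    return $status
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it as root with `--check` so that `/proc/PID/exe` is readable for every user's processes; a non-zero exit status means the host still needs the update or a restart.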
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2015-November/008875.html
Affected packages: wireshark wireshark-devel wireshark-gnome
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-2393.html