Debian Security Advisory DSA 2324-1 (wireshark) Network Vulnerability

Summary

The remote host is missing an update to wireshark announced via advisory DSA 2324-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202324-1

Insight

The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code. For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny15. This build will be released shortly. For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze4. For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1. We recommend that you upgrade your wireshark packages.

Severity

Classification

CVE CVE-2011-3360

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1052-1 (cgiirc)
Debian Security Advisory DSA 1002-1 (webcalendar)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 065-1 (samba)
Debian Security Advisory DSA 1049-1 (ethereal)

Take action and discover your vulnerabilities