Mandriva Update For Wireshark MDVSA-2008:242 (wireshark) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Two vulnerabilities were discovered in Wireshark. The first is a vulnerability in the SMTP dissector that could cause it to consume excessive CPU and memory via a long SMTP request (CVE-2008-5285). The second is an issue with the WLCCP dissector that could cause it to go into an infinite loop. This update also provides a patch to fix a potential freeze during capture interface selection. This update provides Wireshark 1.0.5, which is not vulnerable to these issues.

Affected

wireshark on Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64

Severity

Classification

CVE CVE-2008-5285

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:120 (openssl)
Mandrake Security Advisory MDVSA-2009:047-1 (vim)
Mandrake Security Advisory MDVSA-2009:094 (mysql)
Mandrake Security Advisory MDVSA-2009:170 (initscripts)

Mandriva Update for wireshark MDVSA-2008:242 (wireshark)

Take action and discover your vulnerabilities