Mandriva Update For Wireshark MDVSA-2012:125 (wireshark) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities was found and corrected in Wireshark: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file (CVE-2012-4048). It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file (CVE-2012-4049). This advisory provides the latest versiona of Wireshark (1.4.14, 1.6.8) which is not vulnerable to these issues.

Affected

wireshark on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-4048, CVE-2012-4049

CVSS	Base Score: 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandriva Update for samba MDVSA-2010:090 (samba)
Mandriva Update for avahi MDKSA-2007:185 (avahi)
Mandriva Update for vixie-cron MDKSA-2007:234 (vixie-cron)
Mandriva Update for timezone MDVA-2010:006 (timezone)
Mandriva Update for firefox MDVA-2011:008 (firefox)

Mandriva Update for wireshark MDVSA-2012:125 (wireshark)

Take action and discover your vulnerabilities