Date: Mon, 18 Apr 2011 15:56:01 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Wireshark 1.2.16 / 1.4.5

Hi,

I noticed that new wireshark versions 1.2.16/1.4.5 were released on
14th/15th April 2011 and some of the issues fixed appear to have security
impact.

1. Use of un-initialised variables:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754
Patch: http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision
Versions affected: 1.2.0 to 1.2.15 and 1.4.0 to 1.4.4

2. Buffer overflow in DECT dissector
The advisory does not list the bug number or the relevant patch.

3. Crash in NFS dissector
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209
Versions affected: 1.4.0 to 1.4.4.
This affects Windows only.

http://www.wireshark.org/security/wnpa-sec-2011-05.html
http://www.wireshark.org/security/wnpa-sec-2011-06.html

--
Huzaifa Sidhpurwala / Red Hat Security Response Team