MGASA-2012-0210
| Date: | August 12th, 2012 |
| Affected releases: | 2 |
Description:
Updated wireshark packages fix security vulnerabilities:
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9,
and 1.8.x before 1.8.1 allows remote attackers to cause a denial of
service (invalid pointer dereference and application crash) via a
crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048).
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote
attackers to cause a denial of service (loop and CPU consumption) via a
crafted packet (CVE-2012-4049).
Updated Packages:
dumpcap-1.6.9-1.mga2
lib(64)wireshark1-1.6.9-1.mga2
lib(64)wireshark-devel-1.6.9-1.mga2
rawshark-1.6.9-1.mga2
tshark-1.6.9-1.mga2
wireshark-1.6.9-1.mga2
wireshark-tools-1.6.9-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html
http://www.wireshark.org/news/20120722.html
https://bugs.mageia.org/show_bug.cgi?id=6861
