Package: wireshark Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for wireshark.
CVE-2011-2175[0]: | Integer underflow in the visual_read function in wiretap/visual.c in | Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote | attackers to cause a denial of service (application crash) via a | malformed Visual Networks file that triggers a heap-based buffer | over-read. CVE-2011-2174[1]: | Double free vulnerability in the tvb_uncompress function in | epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 | allows remote attackers to cause a denial of service (application | crash) via a packet with malformed data that uses zlib compression. CVE-2011-1959[2]: | The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before | 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain | virtualizable buffers, which allows remote attackers to cause a denial | of service (application crash) via a large length value in a snoop | file that triggers a stack-based buffer over-read. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175 http://security-tracker.debian.org/tracker/CVE-2011-2175 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174 http://security-tracker.debian.org/tracker/CVE-2011-2174 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959 http://security-tracker.debian.org/tracker/CVE-2011-1959 -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpbXneUQkmtR.pgp
Description: PGP signature

