Here are the CVE numbers for the vulnerabilities fixed in Wireshark 1.0.1: CVE-2008-3137 (GSM SMS dissector) CVE-2008-3138 (PANA and KISMET dissectors) CVE-2008-3139 (RTMPT dissector) CVE-2008-3141 (RMI dissector) CVE-2008-3140 (syslog dissector)
Wireshark 1.0.2 fixes another vulnerability: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3145 http://www.wireshark.org/security/wnpa-sec-2008-04.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3137 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3138 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3139 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3140 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3141 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-3145 ** Summary changed: - Wireshark 1.0.1 fixes multiple vulnerabilities + Wireshark 1.0.2 fixes multiple vulnerabilities ** Description changed: Binary package hint: wireshark Wireshark 1.0.1 fixes multiple security issues in the previous releases. * The GSM SMS dissector could crash * The PANA and KISMET dissectors could force Wireshark to quit unexpectedly * The RTMPT dissector could crash * The RMI dissector could disclose system memory * The syslog dissector could crash See the upstream advisory wnpa-sec-2008-03 at <http://www.wireshark.org/security/wnpa-sec-2008-03.html>. - I couldn't find any CVE numbers for these problems. Please add them to - this bug if you know them. + Please see the update in the comments. -- Wireshark 1.0.2 fixes multiple vulnerabilities https://bugs.launchpad.net/bugs/245774 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
