Pardus: 2010-93: Wireshark: Multiple Vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in Wireshark
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-93            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-30
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in Wireshark


Description
==========
CVE-2010-2283:

The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through
1.2.8 allows remote attackers to cause a denial of service (NULL pointer
dereference) via unknown vectors.



CVE-2010-2284:

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through
1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack
vectors.



CVE-2010-2285:

The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0
through 1.2.8 allows remote attackers to cause a denial of service (NULL
pointer dereference) via unknown vectors.



CVE-2010-2286:

The SigComp Universal Decompressor Virtual Machine dissector in
Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote
attackers to cause a denial of service (infinite loop) via unknown
vectors.



CVE-2010-2287:

Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has
unknown impact and remote attack vectors.


Affected packages:

  Pardus 2009:
    wireshark, all before 1.2.9-35-12


Resolution
=========
Updates are available for wireshark. You can install them via Package
Manager or with a single command from the console:

    pisi up wireshark

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id474

------------------------------------------------------------------------