Pardus: 2011-107: wireshark: Multiple
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in wireshark
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-107           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-04
      Type: Remote
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in wireshark


Description
==========
CVE-2011-2597:

The Lucent/Ascend file parser in Wireshark 1.2.x before  1.2.18,  1.4.x
through 1.4.7, and 1.6.0 allows remote attackers to cause a  denial  of
service (infinite loop) via malformed packets.



CVE-2011-2698:

An infinite loop was found in the way  ANSI  A  Interface  (IS-634/IOS)
dissector of the Wireshark network traffic analyzer  processed  certain
ANSI A MAP capture files. If Wireshark read a malformed  packet  off  a
network or opened a malicious

packet capture file, it could lead  to  denial  of  service  (Wireshark
hang).



Affected packages:

  Pardus 2009:
    wireshark, all before 1.4.8-46-23


Resolution
=========
There are update(s) for wireshark. You  can  update  them  via  Package
Manager or with a single command from console:

    pisi up wireshark

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id775

------------------------------------------------------------------------