U radu programskog paketa Wireshark uočeni su sigurnosni nedostaci koje zlonamjerni korisnici mogu iskoristiti za izvođenje napada uskraćivanjem usluge (DoS).
Paket:
wireshark 1.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno/udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
FEDORA-2012-5214
Izvor:
Fedora
Problem:
Nedostaci su uzrokovani pogreškama u ANSI A i MP2T disektorima i pcap i pcap-ng analizatorima datoteka.
Posljedica:
Napadačima omogućuju izvođenje DoS napada.
Rješenje:
Korisnicima ranjivog paketa preporuča se instalacija nadogradnje.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5214
2012-04-02 17:41:05
--------------------------------------------------------------------------------
Name : wireshark
Product : Fedora 17
Version : 1.6.6
Release : 2.fc17
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK+ package.
--------------------------------------------------------------------------------
Update Information:
The following vulnerabilities have been fixed.
wnpa-sec-2012-04: The ANSI A dissector could dereference a NULL pointer and
crash. (Bug 6823)
wnpa-sec-2012-06: The pcap and pcap-ng file parsers could crash trying to read
ERF data. (Bug 6804)
wnpa-sec-2012-07: The MP2T dissector could try to allocate too much memory and
crash. (Bug 6833)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update wireshark' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke