Mandriva Update For Wireshark MDVSA-2008:242 (wireshark) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Two vulnerabilities were discovered in Wireshark. The first is a vulnerability in the SMTP dissector that could cause it to consume excessive CPU and memory via a long SMTP request (CVE-2008-5285). The second is an issue with the WLCCP dissector that could cause it to go into an infinite loop. This update also provides a patch to fix a potential freeze during capture interface selection. This update provides Wireshark 1.0.5, which is not vulnerable to these issues.

Affected

wireshark on Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64, Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64

Severity

Classification

CVE CVE-2008-5285
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:040 (dia)
Mandrake Security Advisory MDVSA-2009:048 (epiphany)
Mandrake Security Advisory MDVSA-2009:054 (nagios)
Mandrake Security Advisory MDVSA-2009:127 (gaim)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)

Mandriva Update for wireshark MDVSA-2008:242 (wireshark)

Take action and discover your vulnerabilities