Scientific Linux Security Update : wireshark on SL4.x, SL5.x i386/x86_64
High Nessus Plugin ID 60991
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024)
Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143)
All running instances of Wireshark must be restarted for the update to take effect.
SolutionUpdate the affected wireshark and / or wireshark-gnome packages.