In association with heise online

02 November 2011, 15:36

Wireshark updates fix vulnerabilties

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Wireshark logo The Wireshark developers have released versions 1.4.10 and 1.6.3 of the open source, cross-platform network protocol analyser. The maintenance and security updates close multiple vulnerabilities. Some of these are rated as highly critical by Secunia, and could be exploited by an attacker to cause a denial-of-service (DoS) or compromise a victim's system.

The updates address problems related to the ERF file parser that could lead to a buffer overflow and a NULL pointer dereference error in the Infiniband dissector. Versions 1.4.0 to 1.4.9 and 1.6.0 to 1.6.2 are affected. Wireshark 1.6.3 addresses a problem in the CSN.1 dissector that could be used to crash the application. The new versions also address a number of other bugs found in previous builds.

Further information about the updates, including a full list of changes, can be found in the 1.4.10 and the 1.6.3 release notes, and in the security advisories. Wireshark 1.4.10 and 1.6.3 are available to download for Windows and Mac OS X. Wireshark source code is licensed under the GPLv2.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1370490
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit