Mandriva Linux Security Advisory 2011-138 - This advisory updates wireshark to the latest version (1.6.2), fixing several security issues. Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service via a malformed packet. Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service via a malformed packet. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.
1be2ff4344b88429c4b45236683821e4090a102fcfdcdb92236828617d266698