CESA-2008:0058: RHSA-2008:0058
Description
Moderate: wireshark security updateWireshark is a program for monitoring network traffic. Wireshark waspreviously known as Ethereal.Several flaws were found in Wireshark. Wireshark could crash or possiblyexecute arbitrary code as the user running Wireshark if it read a malformedpacket off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,CVE-2007-6117)Several denial of service bugs were found in Wireshark. Wireshark couldcrash or stop responding if it read a malformed packet off the network.(CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,CVE-2007-6450, CVE-2007-6451)As well, Wireshark switched from using net-snmp to libsmi, which isincluded in this errata.Users of wireshark should upgrade to these updated packages, which containWireshark version 0.99.7, and resolve these issues.
Solution(s)
- centos-upgrade-libsmi
- centos-upgrade-libsmi-devel
- centos-upgrade-wireshark
- centos-upgrade-wireshark-gnome
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center