New Wireshark packages that fix various security vulnerabilities are now
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic.
Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol
dissectors. Wireshark could crash or stop responding if it read a malformed
packet off the network. (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469,
A single NULL byte heap based buffer overflow was found in Wireshark's MIME
Multipart dissector. Wireshark could crash or possibly execute arbitrary
arbitrary code as the user running Wireshark. (CVE-2006-4574)
Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.4, which is not vulnerable to these issues.