Security Information / 2011 / Security Information -- DSA-2324-1 wireshark

Debian Security Advisory

DSA-2324-1 wireshark -- programming error

Date Reported:

20 Oct 2011

Affected Packages:

wireshark

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-3360.

More information:

The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code.

For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-3+lenny15. This build will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.11-6+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.

We recommend that you upgrade your wireshark packages.