Wireshark updates close security holes

Sep 11, 2011


Wireshark updates close security holes

Versions 1.4.9 and 1.6.2 of Wireshark have been released. According to the developers, the maintenance and security updatesaddress a number of vulnerabilities – some of which are rated as 'highly critical' by Secunia – in the open source, cross-platform network protocol analyser. The vulnerabilities could be exploited by an attacker to, for example, cause a denial-of-service (DoS) or compromise a victim's system.

According to the security advisories, the issues include problems related to malformed IKE packets that could consume excessive resources resulting in a crash, and a bug that could lead Wireshark to run malicious Lua scripts causing the application to execute arbitrary code. Versions 1.4.0 to 1.4.8 and 1.6.0 and 1.6.1 are affected.

Other issues in the 1.6.x branch include crashing bugs in the CSN.1 dissector, the OpenSafety dissector and in the way capture files are handled. In addition to the bug fixes, protocol support has been updated. No new features have been added.

More details about the updates, including a full list of bug fixes and known problems, can be found in the 1.4.9 and 1.6.2 release notes. Wireshark binaries for Windows and Mac OS X, as well as the source code, are available todownload from the project's site. Wireshark is licensed under the GPLv2.

Source The H-Open

Leave a Reply

Your email address will not be published.


About us

IoT Gadgets is dedicated to bring you all the Internet of Things IoT news that pertains to gadgets. Simple. We love for you to join us on this journey.

Contact us: [email protected]


linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram