From $URL:

Wireshark 1.2.13 fixes the following vulnerability:

* Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318)
  Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1.

Impact
It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 1.2.13 or later.
Thank you for the report, Tim. New version is in the tree. Arch teams, please stabilize wireshark-1.2.13.
Stable for HPPA PPC.
amd64 ok
amd64 done. Thanks Agostino
x86 stable
alpha/ia64/sparc stable
ppc64 done
Thanks, folks. Added to existing GLSA request.
CVE-2010-4300 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4300): Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
This issue was resolved and addressed in GLSA 201110-02 at http://security.gentoo.org/glsa/glsa-201110-02.xml by GLSA coordinator Alex Legler (a3li).