Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service or remote code execution.
|Package||net-analyzer/wireshark on all architectures|
|Affected versions||< 1.0.8|
|Unaffected versions||>= 1.0.8|
Wireshark is a versatile network protocol analyzer.
Multiple vulnerabilities have been discovered in Wireshark:
A remote attacker could exploit these vulnerabilities by sending specially crafted packets on a network being monitored by Wireshark or by enticing a user to read a malformed packet trace file which can trigger a Denial of Service (application crash or excessive CPU and memory usage) and possibly allow for the execution of arbitrary code with the privileges of the user running Wireshark.
There is no known workaround at this time.
All Wireshark users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.0.8"