Bug 24297

Summary: CVE-2010-3445: ASN.1 BER vulnerability
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: wireshark-baseAssignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: rider
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://www.wireshark.org/security/wnpa-sec-2010-12.html

Description Vladimir Lettiev 2010-10-14 09:50:36 MSD 
The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230) Versions affected: All previous versions up to and including 1.2.11 and 1.4.0.

Fixed in wireshark 1.4.1
Comment 1 Anton Farygin 2010-10-14 09:51:49 MSD 
Да, спасибо, я уже работаю над этим.
Comment 2 Repository Robot 2010-10-14 12:28:27 MSD 
wireshark-1.4.1-alt1 -> sisyphus:

* Thu Oct 14 2010 Anton Farygin <rider@altlinux> 1.4.1-alt1
- new version, fixed CVE-2010-3445 (closes: #24297)
- user guide updated