Description of problem: CVE-2011-3482 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2011-3360 Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. CVE-2011-3483 Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." CVE-2011-3484 The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.
Status: NEW => ASSIGNED
Cauldron wireshark package is not susceptible for these security issues, and for Mageia 1 those issues are fixed with the validated update from https://bugs.mageia.org/show_bug.cgi?id=2352
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED