14 DAY TRIAL // Wireshark developers released the 1.6.3 and the 1.4.10 versions of the popular network protocol analyzer. The latest variants come with a few security improvements that make sure users are protected against potential attacks.
One of the flaws was discovered by Red Hat's Security Response Team which pointed out a bug in the Infiniband sector that could have dereferenced a NULL pointer. They also uncovered as issue in the ERF file reader that could be exploited to cause a heap-based buffer overflow. The successful exploitation of the problem could have led to execution of arbitrary code.
Other security fixes involve an error related to an uninitialised variable in the CSN 1 dissector which could have caused a crash in the application.
To keep your device safe, make sure to update the application to the latest version.
Wireshark 1.4.7 / 1.6.3 for Linux is available for download here. Wireshark 1.6.3 for Windows is available for download here. Portable Wireshark 1.6.3 for Windows is available for download here.