Wireshark-bugs: [Wireshark-bugs] [Bug 2686] New: Wireshark uses insecure version of zlib

Date: Sat, 5 Jul 2008 11:12:04 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2686

           Summary: Wireshark uses insecure version of zlib
           Product: Wireshark
           Version: 1.0.1
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Critical
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: lonedesign_2k@xxxxxxxxx


Build Information:
Version 1.0.1 (SVN Rev 25639)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Version in use: 1.2.2
Current release: 1.2.3 (July 18, 2005)

Fixes:

    * Eliminate a potential security vulnerability(1) when decoding invalid
compressed data
    * Eliminate a potential security vulnerability(2) when decoding specially
crafted compressed data
    * Fix a bug when decompressing dynamic blocks with no distance codes
    * Fix crc check bug in gzread() after gzungetc()
    * Do not return an error when using gzread() on an empty file

(1) http://www.kb.cert.org/vuls/id/238678
(2) http://www.kb.cert.org/vuls/id/680620

http://www.zlib.net/


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.