[Bug 855980] New: wireshark: security updates to 1.8.12 and 1.10.4
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c0 Summary: wireshark: security updates to 1.8.12 and 1.10.4 Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0 from https://www.wireshark.org/docs/relnotes/wireshark-1.10.4.html * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The BSSGP dissector could crash. wnpa-sec-2013-67 CVE-2013-7113 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 from https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c1
--- Comment #1 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c2
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c3
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c4
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c5
--- Comment #5 from Chunyan Liu
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Chunyan Liu
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c6
Andreas Stieger
Accepted, although it would have been better to have separated submits for 12.2+12.3 and 13.1 because it has been updated to different versions and it makes up a cleaner PI file.
Noted. On that... 1.10.4 seems to have at least one regression, 1.10.5 has been released just now: https://www.wireshark.org/docs/relnotes/wireshark-1.10.5.html * Wireshark stops showing new packets but dumpcap keeps writing them to the temp file. * Wireshark 1.10.4 shuts down when promiscuous mode is unchecked. * Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address. So we can strip the 13.1 update from the running incident 2411 and make one for 13.1 only with 1.10.5? If not this can probably be included with the next maintenance or security update. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c7
--- Comment #7 from Andreas Stieger
So we can strip the 13.1 update from the running incident 2411 and make one for 13.1 only with 1.10.5?
See MR to that effect: https://build.opensuse.org/request/show/211796 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c8
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c12
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c13
--- Comment #13 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c14
--- Comment #14 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c15
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c16
--- Comment #16 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c17
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c18
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c19
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c20
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=855980
https://bugzilla.novell.com/show_bug.cgi?id=855980#c21
--- Comment #21 from Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com