Mailinglist Archive: opensuse-updates (62 mails)

< Previous Next >
openSUSE-SU-2012:0558-1: moderate: update for wireshark
openSUSE Security Update: update for wireshark

Announcement ID: openSUSE-SU-2012:0558-1
Rating: moderate
References: #754474 #754476 #754477
Cross-References: CVE-2012-1593 CVE-2012-1595 CVE-2012-1596

Affected Products:
openSUSE 12.1
openSUSE 11.4

An update that fixes three vulnerabilities is now available.


Changes in wireshark:
- update to 1.4.12
- fix bnc#754474, bnc#754476, bnc#754477(fixed upstream)
- Security fixes:
- wnpa-sec-2012-04 The ANSI A dissector could
dereference a NULL pointer and crash. (Bug 6823)
- wnpa-sec-2012-06 The pcap and pcap-ng file parsers
could crash trying to read ERF data. (Bug 6804)
- wnpa-sec-2012-07 The MP2T dissector could try to
allocate too much memory and crash. (Bug 6804)
- The Windows installers now include GnuTLS 1.12.18,
which fixes several vulnerabilities.
- Bug fixes:
- Some PGM options are not parsed correctly. (Bug 5687)
- dumpcap crashes when capturing from pipe to a pcap-ng
file (e.g., when passing data from CACE Pilot to
Wireshark). (Bug 5939)
- No error for UDP/IPv6 packet with zero checksum. (Bug
- packetBB dissector bug: More than 1000000 items in
the tree -- possible infinite loop. (Bug 6687)
- Ethernet traces in K12 text format sometimes give
bogus "malformed frame" errors and other problems. (Bug
- non-IPP packets to or from port 631 are dissected as
IPP. (Bug 6765)
- IAX2 dissector reads past end of packet for unknown
IEs. (Bug 6815)
- Pcap-NG files with SHB options longer than 100 bytes
aren't recognized as pcap-NG files, and options longer than
100 bytes in other blocks aren't handled either. (Bug 6846)
- Patch to fix DTLS decryption. (Bug 6847)
- Expression... dialog is crash. (Bug 6891)
- ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug
- Radiotap dissector lists a bogus "DBM TX Attenuation"
bit. (Bug 7000)
- MySQL dissector assertion. (Ask 8649) Updated
Protocol Support HTTP, ISAKMP, MySQL, PacketBB, PGM, TCP,
UDP New and Updated Capture File Support Endace ERF,

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-248

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-248

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.1 (i586 x86_64):


- openSUSE 11.4 (i586 x86_64):



< Previous Next >
This Thread
  • No further messages