Mailinglist Archive: opensuse-updates (28 mails)

< Previous Next >
openSUSE-SU-2012:1633-1: moderate: wireshark to 1.8.4
openSUSE Security Update: wireshark to 1.8.4
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:1633-1
Rating: moderate
References: #780669 #792005
Cross-References: CVE-2012-5592 CVE-2012-5593 CVE-2012-5594
CVE-2012-5595 CVE-2012-5596 CVE-2012-5597
CVE-2012-5598 CVE-2012-5599 CVE-2012-5600
CVE-2012-5601 CVE-2012-5602
Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update fixes the following issues for wireshark:

- Security update to 1.8.4:

https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
http://seclists.org/oss-sec/2012/q4/378

CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure
(wnpa-sec-2012-30)

CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB
dissector (wnpa-sec-2012-31)

CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow
dissector (wnpa-sec-2012-32)

CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP
dissector (wnpa-sec-2012-33)

CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP
dissector (wnpa-sec-2012-34)

CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP
dissector (wnpa-sec-2012-35)

CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI
dissector (wnpa-sec-2012-36)

CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP
dissector (wnpa-sec-2012-37)

CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP
dissector (wnpa-sec-2012-38)

CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the
3GPP2 A11 dissector (wnpa-sec-2012-39)

CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the
ICMPv6 dissector (wnpa-sec-2012-40)

And also the bugfix:
- bnc#780669: change wireshark.spec BuildRequires lua-devel
to lua51-devel to fix lua-support in openSUSE 12.2


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-844

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-844

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

wireshark-1.8.4-1.15.1
wireshark-debuginfo-1.8.4-1.15.1
wireshark-debugsource-1.8.4-1.15.1
wireshark-devel-1.8.4-1.15.1

- openSUSE 12.1 (i586 x86_64):

wireshark-1.8.4-3.33.1
wireshark-debuginfo-1.8.4-3.33.1
wireshark-debugsource-1.8.4-3.33.1
wireshark-devel-1.8.4-3.33.1


References:

http://support.novell.com/security/cve/CVE-2012-5592.html
http://support.novell.com/security/cve/CVE-2012-5593.html
http://support.novell.com/security/cve/CVE-2012-5594.html
http://support.novell.com/security/cve/CVE-2012-5595.html
http://support.novell.com/security/cve/CVE-2012-5596.html
http://support.novell.com/security/cve/CVE-2012-5597.html
http://support.novell.com/security/cve/CVE-2012-5598.html
http://support.novell.com/security/cve/CVE-2012-5599.html
http://support.novell.com/security/cve/CVE-2012-5600.html
http://support.novell.com/security/cve/CVE-2012-5601.html
http://support.novell.com/security/cve/CVE-2012-5602.html
https://bugzilla.novell.com/780669
https://bugzilla.novell.com/792005


< Previous Next >
This Thread
  • No further messages