openSUSE Security Update: wireshark: update to 1.8.5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0276-1 Rating: moderate References: #801131 Cross-References: CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: wireshark was updated to 1.8.5 to fix bugs and security issues. Vulnerabilities fixed: * Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors wnpa-sec-2013-01 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 * The CLNP dissector could crash wnpa-sec-2013-02 CVE-2013-1582 * The DTN dissector could crash wnpa-sec-2013-03 CVE-2013-1583 CVE-2013-1584 * The MS-MMC dissector (and possibly others) could crash wnpa-sec-2013-04 CVE-2013-1585 * The DTLS dissector could crash wnpa-sec-2013-05 CVE-2013-1586 * The ROHC dissector could crash wnpa-sec-2013-06 CVE-2013-1587 * The DCP-ETSI dissector could corrupt memory wnpa-sec-2013-07 CVE-2013-1588 * The Wireshark dissection engine could crash wnpa-sec-2013-08 CVE-2013-1589 * The NTLMSSP dissector could overflow a buffer wnpa-sec-2013-09 CVE-2013-1590 + Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-104 - openSUSE 12.1: zypper in -t patch openSUSE-2013-104 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): wireshark-1.8.5-1.19.1 wireshark-debuginfo-1.8.5-1.19.1 wireshark-debugsource-1.8.5-1.19.1 wireshark-devel-1.8.5-1.19.1 - openSUSE 12.1 (i586 x86_64): wireshark-1.8.5-3.37.1 wireshark-debuginfo-1.8.5-3.37.1 wireshark-debugsource-1.8.5-3.37.1 wireshark-devel-1.8.5-3.37.1 References: http://support.novell.com/security/cve/CVE-2013-1572.html http://support.novell.com/security/cve/CVE-2013-1573.html http://support.novell.com/security/cve/CVE-2013-1574.html http://support.novell.com/security/cve/CVE-2013-1575.html http://support.novell.com/security/cve/CVE-2013-1576.html http://support.novell.com/security/cve/CVE-2013-1577.html http://support.novell.com/security/cve/CVE-2013-1578.html http://support.novell.com/security/cve/CVE-2013-1579.html http://support.novell.com/security/cve/CVE-2013-1580.html http://support.novell.com/security/cve/CVE-2013-1581.html http://support.novell.com/security/cve/CVE-2013-1582.html http://support.novell.com/security/cve/CVE-2013-1583.html http://support.novell.com/security/cve/CVE-2013-1584.html http://support.novell.com/security/cve/CVE-2013-1585.html http://support.novell.com/security/cve/CVE-2013-1586.html http://support.novell.com/security/cve/CVE-2013-1587.html http://support.novell.com/security/cve/CVE-2013-1588.html http://support.novell.com/security/cve/CVE-2013-1589.html http://support.novell.com/security/cve/CVE-2013-1590.html https://bugzilla.novell.com/801131