Mailinglist Archive: opensuse-updates (99 mails)

< Previous Next >
openSUSE-SU-2013:0276-1: moderate: wireshark: update to 1.8.5
openSUSE Security Update: wireshark: update to 1.8.5
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0276-1
Rating: moderate
References: #801131
Cross-References: CVE-2013-1572 CVE-2013-1573 CVE-2013-1574
CVE-2013-1575 CVE-2013-1576 CVE-2013-1577
CVE-2013-1578 CVE-2013-1579 CVE-2013-1580
CVE-2013-1581 CVE-2013-1582 CVE-2013-1583
CVE-2013-1584 CVE-2013-1585 CVE-2013-1586
CVE-2013-1587 CVE-2013-1588 CVE-2013-1589
CVE-2013-1590
Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that fixes 19 vulnerabilities is now available.

Description:


wireshark was updated to 1.8.5 to fix bugs and security
issues.

Vulnerabilities fixed:
* Infinite and large loops in the Bluetooth HCI, CSN.1,
DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols,
MPLS, R3, RTPS, SDP, and SIP dissectors wnpa-sec-2013-01
CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575
CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579
CVE-2013-1580 CVE-2013-1581
* The CLNP dissector could crash wnpa-sec-2013-02
CVE-2013-1582
* The DTN dissector could crash wnpa-sec-2013-03
CVE-2013-1583 CVE-2013-1584
* The MS-MMC dissector (and possibly others) could crash
wnpa-sec-2013-04 CVE-2013-1585
* The DTLS dissector could crash wnpa-sec-2013-05
CVE-2013-1586
* The ROHC dissector could crash wnpa-sec-2013-06
CVE-2013-1587
* The DCP-ETSI dissector could corrupt memory
wnpa-sec-2013-07 CVE-2013-1588
* The Wireshark dissection engine could crash
wnpa-sec-2013-08 CVE-2013-1589
* The NTLMSSP dissector could overflow a buffer
wnpa-sec-2013-09 CVE-2013-1590
+ Further bug fixes and updated protocol support as listed
in:
http://www.wireshark.org/docs/relnotes/wireshark-1.8.5.html



Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-104

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-104

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

wireshark-1.8.5-1.19.1
wireshark-debuginfo-1.8.5-1.19.1
wireshark-debugsource-1.8.5-1.19.1
wireshark-devel-1.8.5-1.19.1

- openSUSE 12.1 (i586 x86_64):

wireshark-1.8.5-3.37.1
wireshark-debuginfo-1.8.5-3.37.1
wireshark-debugsource-1.8.5-3.37.1
wireshark-devel-1.8.5-3.37.1


References:

http://support.novell.com/security/cve/CVE-2013-1572.html
http://support.novell.com/security/cve/CVE-2013-1573.html
http://support.novell.com/security/cve/CVE-2013-1574.html
http://support.novell.com/security/cve/CVE-2013-1575.html
http://support.novell.com/security/cve/CVE-2013-1576.html
http://support.novell.com/security/cve/CVE-2013-1577.html
http://support.novell.com/security/cve/CVE-2013-1578.html
http://support.novell.com/security/cve/CVE-2013-1579.html
http://support.novell.com/security/cve/CVE-2013-1580.html
http://support.novell.com/security/cve/CVE-2013-1581.html
http://support.novell.com/security/cve/CVE-2013-1582.html
http://support.novell.com/security/cve/CVE-2013-1583.html
http://support.novell.com/security/cve/CVE-2013-1584.html
http://support.novell.com/security/cve/CVE-2013-1585.html
http://support.novell.com/security/cve/CVE-2013-1586.html
http://support.novell.com/security/cve/CVE-2013-1587.html
http://support.novell.com/security/cve/CVE-2013-1588.html
http://support.novell.com/security/cve/CVE-2013-1589.html
http://support.novell.com/security/cve/CVE-2013-1590.html
https://bugzilla.novell.com/801131


< Previous Next >
This Thread
  • No further messages