openSUSE-SU-2014:1249-1: moderate: wireshark: update to 1.10.10 security release
openSUSE Security Update: wireshark: update to 1.10.10 security release
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1249-1
Rating: moderate
References: #889899 #889900 #889901 #889906 #897055
Cross-References: CVE-2014-5161 CVE-2014-5162 CVE-2014-5163
CVE-2014-5164 CVE-2014-5165 CVE-2014-6421
CVE-2014-6422 CVE-2014-6423 CVE-2014-6424
CVE-2014-6427 CVE-2014-6428 CVE-2014-6429
CVE-2014-6430 CVE-2014-6431 CVE-2014-6432

Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:


Wireshark was updated to 1.10.10 [bnc#897055]

On openSUSE 12.3, the package was upgraded from 1.8.x to 1.10.x, as the
1.8.x series was discontinued.

This update fixes vulnerabilities in Wireshark that could allow an
attacker to crash Wireshark or make it unresponsive, either by sending
specific packets onto the network or by having them loaded from a capture
file while the dissectors are running. It also contains a number of other
bug fixes.
* RTP dissector crash wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422
* MEGACO dissector infinite loop wnpa-sec-2014-13 CVE-2014-6423
* Netflow dissector crash wnpa-sec-2014-14 CVE-2014-6424
* RTSP dissector crash wnpa-sec-2014-17 CVE-2014-6427
* SES dissector crash wnpa-sec-2014-18 CVE-2014-6428
* Sniffer file parser crash wnpa-sec-2014-19 CVE-2014-6429 CVE-2014-6430
  CVE-2014-6431 CVE-2014-6432
- Further bug fixes as listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html

- includes changes from 1.10.9: fixes several crashes triggered by
  malformed protocol packets
- vulnerabilities fixed:
  * The Catapult DCT2000 and IrDA dissectors could underrun a buffer
    wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 (bnc#889901)
  * The GSM Management dissector could crash wnpa-sec-2014-09
    CVE-2014-5163 (bnc#889906)
  * The RLC dissector could crash wnpa-sec-2014-10 CVE-2014-5164
    (bnc#889900)
  * The ASN.1 BER dissector could crash wnpa-sec-2014-11 CVE-2014-5165
    (bnc#889899)
- Further bug fixes as listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-566

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-566

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

wireshark-1.10.10-24.1
wireshark-debuginfo-1.10.10-24.1
wireshark-debugsource-1.10.10-24.1
wireshark-devel-1.10.10-24.1

- openSUSE 12.3 (i586 x86_64):

wireshark-1.10.10-1.44.1
wireshark-debuginfo-1.10.10-1.44.1
wireshark-debugsource-1.10.10-1.44.1
wireshark-devel-1.10.10-1.44.1


References:

http://support.novell.com/security/cve/CVE-2014-5161.html
http://support.novell.com/security/cve/CVE-2014-5162.html
http://support.novell.com/security/cve/CVE-2014-5163.html
http://support.novell.com/security/cve/CVE-2014-5164.html
http://support.novell.com/security/cve/CVE-2014-5165.html
http://support.novell.com/security/cve/CVE-2014-6421.html
http://support.novell.com/security/cve/CVE-2014-6422.html
http://support.novell.com/security/cve/CVE-2014-6423.html
http://support.novell.com/security/cve/CVE-2014-6424.html
http://support.novell.com/security/cve/CVE-2014-6427.html
http://support.novell.com/security/cve/CVE-2014-6428.html
http://support.novell.com/security/cve/CVE-2014-6429.html
http://support.novell.com/security/cve/CVE-2014-6430.html
http://support.novell.com/security/cve/CVE-2014-6431.html
http://support.novell.com/security/cve/CVE-2014-6432.html
https://bugzilla.suse.com/show_bug.cgi?id=889899
https://bugzilla.suse.com/show_bug.cgi?id=889900
https://bugzilla.suse.com/show_bug.cgi?id=889901
https://bugzilla.suse.com/show_bug.cgi?id=889906
https://bugzilla.suse.com/show_bug.cgi?id=897055
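
To confirm a host actually received the fix after following the Patch Instructions, the installed build can be compared against the Package List above. The script below is an added example and not part of the original advisory; the function names are hypothetical, and it assumes a `sort` that supports `-V` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed
# wireshark build is at or above the fixed build listed in
# openSUSE-SU-2014:1249-1.

# Fixed version-release per product, copied from the advisory's Package List.
fixed_build() {
    case "$1" in
        13.1) echo "1.10.10-24.1" ;;
        12.3) echo "1.10.10-1.44.1" ;;
        *)    return 1 ;;
    esac
}

# Succeeds when $1 >= $2 under "sort -V" ordering. This only approximates
# RPM's own comparison, but it is adequate for the purely numeric
# version-release strings used by these packages.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Usage: advisory_status <product> <installed version-release>
# Prints "fixed", "vulnerable" or "unknown-product" and returns 0, 1 or 2.
advisory_status() {
    want=$(fixed_build "$1") || { echo "unknown-product"; return 2; }
    if ver_ge "$2" "$want"; then
        echo "fixed"
    else
        echo "vulnerable"
        return 1
    fi
}

# On a live system the second argument would come from the RPM database:
#   advisory_status 13.1 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' wireshark)"
```

A "vulnerable" result after running `zypper in -t patch openSUSE-2014-566` usually means the update repository is not enabled or the patch did not apply.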

