[Bug 848738] New: VUL-0: wireshark: security updates to 1.8.11 and 1.10.3
https://bugzilla.novell.com/show_bug.cgi?id=848738
https://bugzilla.novell.com/show_bug.cgi?id=848738#c0

           Summary: VUL-0: wireshark: security updates to 1.8.11 and 1.10.3
    Classification: openSUSE
           Product: openSUSE 12.3
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Network
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: Andreas.Stieger@gmx.de
         QAContact: qa-bugs@suse.de
                CC: Andreas.Stieger@gmx.de, abergmann@suse.com, cyliu@suse.com
        Depends on: 839607
          Found By: ---
           Blocker: ---

Via http://www.wireshark.org/docs/relnotes/wireshark-1.10.3.html

The following vulnerabilities have been fixed.

wnpa-sec-2013-61
The IEEE 802.15.4 dissector could crash. (Bug 9139)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6336

wnpa-sec-2013-62
The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9168)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6337

wnpa-sec-2013-63
The SIP dissector could crash. (Bug 9228)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6338

wnpa-sec-2013-64
The OpenWire dissector could go into a large loop. Discovered by Murali. (Bug 9248)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6339

wnpa-sec-2013-65
The TCP dissector could crash. (Bug 9263)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6340

http://www.wireshark.org/docs/relnotes/wireshark-1.8.11.html

The following vulnerabilities have been fixed.

wnpa-sec-2013-61
The IEEE 802.15.4 dissector could crash. (Bug 9139)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6336

wnpa-sec-2013-62
The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9168)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6337

wnpa-sec-2013-63
The SIP dissector could crash. (Bug 9228)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6338

wnpa-sec-2013-64
The OpenWire dissector could go into a large loop. Discovered by Murali. (Bug 9248)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6339

wnpa-sec-2013-65
The TCP dissector could crash. (Bug 9263)
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
CVE-2013-6340

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=848738#c3
--- Comment #3 from Andreas Stieger
Maintenance request for openSUSE 12.2, 12.3 and 13.1:
https://build.opensuse.org/request/show/205587
https://bugzilla.novell.com/show_bug.cgi?id=848738#c4
--- Comment #4 from Andreas Stieger
(In reply to comment #2)
> Maintenance request for openSUSE 12.2, 12.3 and 13.1:

1.10.3 was copied to 13.1. Maintenance request for 12.2 and 12.3 only:
https://build.opensuse.org/request/show/205665
https://bugzilla.novell.com/show_bug.cgi?id=848738#c6
--- Comment #6 from Andreas Stieger
> are we, SLE, affected as well?

SLE-11 yes, last update there should be 1.8.10 or so, see Bug 839607

SLE-10 1.6.16 .. 1.6.x is discontinued upstream. Upstream makes no statement about whether discontinued releases are affected. Since all of the items above show "from 1.8.0" that may very well be the case. Maybe update to 1.8.x as openSUSE did?

SLE-9 1.0.16 ancient....
https://bugzilla.novell.com/show_bug.cgi?id=848738#c8
Chunyan Liu
(In reply to comment #5)
> are we, SLE, affected as well?
>
> SLE-11 yes, last update there should be 1.8.10 or so, see Bug 839607

I'll update SLE-11.

> SLE-10 1.6.16 .. 1.6.x is discontinued upstream. Upstream makes no statement about whether discontinued releases are affected. Since all of the items above show "from 1.8.0" that may very well be the case. Maybe update to 1.8.x as openSUSE did?

As mentioned in Bug#792005: wireshark-1.8.x requires gtk+ >= 2.12 and glib >= 2.14, but SLE-10 only has gtk+ 2.8 and glib 2.8, update to 1.8.x failed. So, for a long time, SLE-10 only updates to 1.6.x.
Bug 848738 depends on bug 839607, which changed state.

Bug 839607 Summary: VUL-0: wireshark: security updates to 1.8.10 and 1.10.2
http://bugzilla.novell.com/show_bug.cgi?id=839607

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED