[Bug 855980] New: wireshark: security updates to 1.8.12 and 1.10.4
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c0 Summary: wireshark: security updates to 1.8.12 and 1.10.4 Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0 from https://www.wireshark.org/docs/relnotes/wireshark-1.10.4.html * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The BSSGP dissector could crash. wnpa-sec-2013-67 CVE-2013-7113 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 from https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED CC| |cyliu@suse.com, | |security-team@suse.de Depends on| |848738 AssignedTo|bnc-team-screening@forge.pr |Andreas.Stieger@gmx.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c1 --- Comment #1 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-12-18 01:00:28 CET --- This is an autogenerated message for OBS integration: This bug (855980) was mentioned in https://build.opensuse.org/request/show/211298 Factory / wireshark https://build.opensuse.org/request/show/211300 13.1+12.2+12.3 / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c2 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-12-18 07:49:27 UTC --- Please review update -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c3 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|security-team@suse.de | --- Comment #3 from Sebastian Krahmer <krahmer@suse.com> 2013-12-18 09:58:59 UTC --- Accepted, although it would have been better to have separated submits for 12.2+12.3 and 13.1 because it has been updated to different versions and it makes up a cleaner PI file. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:2411:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c4 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |bjzhang@suse.com Status Whiteboard|obs:running:2411:moderate | --- Comment #4 from Sebastian Krahmer <krahmer@suse.com> 2013-12-18 10:02:37 UTC --- bjzhang, I guess that requires SLE updates as well? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:2411:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|wireshark: security updates |VUL-0: wireshark: security |to 1.8.12 and 1.10.4 |updates to 1.8.12 and | |1.10.4 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c5 --- Comment #5 from Chunyan Liu <cyliu@suse.com> 2013-12-19 06:29:14 UTC --- Will update SLE. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Chunyan Liu <cyliu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|bjzhang@suse.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c6 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #6 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-12-19 23:43:30 UTC --- (In reply to comment #3)
Accepted, although it would have been better to have separated submits for 12.2+12.3 and 13.1 because it has been updated to different versions and it makes up a cleaner PI file.
Noted. On that... 1.10.4 seems to have at least one regression, 1.10.5 has been released just now: https://www.wireshark.org/docs/relnotes/wireshark-1.10.5.html * Wireshark stops showing new packets but dumpcap keeps writing them to the temp file. * Wireshark 1.10.4 shuts down when promiscuous mode is unchecked. * Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address. So we can strip the 13.1 update from the running incident 2411 and make one for 13.1 only with 1.10.5? If not this can probably be included with the next maintenance or security update. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c7 --- Comment #7 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-12-20 00:17:05 UTC --- (In reply to comment #6)
So we can strip the 13.1 update from the running incident 2411 and make one for 13.1 only with 1.10.5?
See MR to that effect: https://build.opensuse.org/request/show/211796 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c8 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|security-team@suse.de | --- Comment #8 from Sebastian Krahmer <krahmer@suse.com> 2013-12-23 11:09:37 UTC --- Did so. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2411:moderate |obs:running:2411:moderate | |obs:running:2429:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c12 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2411:moderate |obs:running:2411:moderate |obs:running:2429:moderate |obs:running:2429:moderate | |maint:running:55633:moderat | |e --- Comment #12 from Swamp Workflow Management <swamp@suse.de> 2013-12-27 11:04:30 UTC --- The SWAMPID for this issue is 55633. This issue was rated as moderate. Please submit fixed packages until 2014-01-10. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2411:moderate |obs:running:2429:moderate |obs:running:2429:moderate |maint:running:55633:moderat |maint:running:55633:moderat |e |e | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:2429:moderate |maint:running:55633:moderat |maint:running:55633:moderat |e |e | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c13 --- Comment #13 from Swamp Workflow Management <swamp@suse.de> 2014-01-03 21:07:35 UTC --- openSUSE-SU-2014:0013-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 855980 CVE References: CVE-2013-7112,CVE-2013-7113,CVE-2013-7114 Sources used: openSUSE 12.3 (src): wireshark-1.8.12-1.28.1 openSUSE 12.2 (src): wireshark-1.8.12-1.47.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c14 --- Comment #14 from Swamp Workflow Management <swamp@suse.de> 2014-01-03 21:08:29 UTC --- openSUSE-SU-2014:0017-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 855980 CVE References: CVE-2013-7112,CVE-2013-7113,CVE-2013-7114 Sources used: openSUSE 13.1 (src): wireshark-1.10.5-4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c15 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|Andreas.Stieger@gmx.de |cyliu@suse.com --- Comment #15 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-01-03 21:36:47 UTC --- Updates released for openSUSE. Assigning to SLE maintainer. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c16 --- Comment #16 from Swamp Workflow Management <swamp@suse.de> 2014-01-03 22:05:04 UTC --- openSUSE-SU-2014:0020-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 855980 CVE References: CVE-2013-7112,CVE-2013-7114 Sources used: openSUSE 11.4 (src): wireshark-1.8.12-65.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c17 Sebastian Krahmer <krahmer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #17 from Sebastian Krahmer <krahmer@suse.com> 2014-01-21 11:52:00 UTC --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c18 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:55633:moderat |maint:running:55633:moderat |e |e | |maint:released:sle11-sp3:55 | |636 --- Comment #18 from Swamp Workflow Management <swamp@suse.de> 2014-01-21 14:54:53 UTC --- Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c19 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:55633:moderat |maint:running:55633:moderat |e |e |maint:released:sle11-sp3:55 |maint:released:sle11-sp1:55 |636 |634 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> 2014-01-21 15:04:33 UTC --- Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-SERVER 11-SP1-TERADATA (x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c20 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:55633:moderat |maint:running:55633:moderat |e |e |maint:released:sle11-sp1:55 |maint:released:sle11-sp2:55 |634 |635 --- Comment #20 from Swamp Workflow Management <swamp@suse.de> 2014-01-21 15:05:42 UTC --- Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:55633:moderat |maint:released:sle11-sp2:55 |e |635 |maint:released:sle11-sp2:55 | |635 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=855980 https://bugzilla.novell.com/show_bug.cgi?id=855980#c21 --- Comment #21 from Swamp Workflow Management <swamp@suse.de> 2014-01-21 19:04:21 UTC --- SUSE-SU-2014:0115-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 855980,856496,856498 CVE References: CVE-2013-7112,CVE-2013-7113,CVE-2013-7114 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Software Development Kit 11 SP2 (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Server 11 SP3 (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Server 11 SP2 for VMware (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Server 11 SP2 (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Desktop 11 SP3 (src): wireshark-1.8.12-0.2.1 SUSE Linux Enterprise Desktop 11 SP2 (src): wireshark-1.8.12-0.2.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com