[Bug 889854] New: Wireshark 1.10.9 fixes several crashes triggered by malformed protocol packages
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c0 Summary: Wireshark 1.10.9 fixes several crashes triggered by malformed protocol packages Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 https://www.wireshark.org/lists/wireshark-announce/201407/msg00002.html https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html Versions affected: 1.10.0 to 1.10.8. (openSUSE 13.1) * The Catapult DCT2000 and IrDA dissectors could underrun a buffer. wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 * The GSM Management dissector could crash. wnpa-sec-2014-09 CVE-2014-5163 * The RLC dissector could crash. wnpa-sec-2014-10 CVE-2014-5164 * The ASN.1 BER dissector could crash. wnpa-sec-2014-11 CVE-2014-5165 Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED CC| |security-team@suse.de Platform|Other |All AssignedTo|security-team@suse.de |Andreas.Stieger@gmx.de OS/Version|Other |openSUSE 13.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2014-08-01 09:04:27 UTC --- Maintenance request for openSUSE 13.1 (Wireshark 1.10.8 -> 1.10.9): https://build.opensuse.org/request/show/243356 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c3 Chunyan Liu <cyliu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vpereira@novell.com --- Comment #3 from Chunyan Liu <cyliu@suse.com> 2014-08-04 04:32:12 UTC --- *** Bug 889906 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=889906 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c4 --- Comment #4 from Chunyan Liu <cyliu@suse.com> 2014-08-04 04:33:35 UTC --- *** Bug 889901 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=889901 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c5 --- Comment #5 from Chunyan Liu <cyliu@suse.com> 2014-08-04 04:33:58 UTC --- *** Bug 889900 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=889900 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c6 --- Comment #6 from Chunyan Liu <cyliu@suse.com> 2014-08-04 04:34:24 UTC --- *** Bug 889899 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=889899 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |meissner@suse.com InfoProvider|security-team@suse.de | Summary|Wireshark 1.10.9 fixes |VUL-0: Wireshark 1.10.9 |several crashes triggered |fixes several crashes |by malformed protocol |triggered by malformed |packages |protocol packages -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c7 Alexander Bergmann <abergmann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED CC| |abergmann@suse.com Resolution| |FIXED --- Comment #7 from Alexander Bergmann <abergmann@suse.com> 2014-08-21 08:51:09 UTC --- Fixed for openSUSE and SLE-12. Closing bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c8 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |Andreas.Stieger@gmx.de Resolution|FIXED | AssignedTo|Andreas.Stieger@gmx.de |cyliu@suse.com --- Comment #8 from Marcus Meissner <meissner@suse.com> 2014-08-21 12:38:46 UTC --- As wireshark 1.8 is not getting updates from wireshark.org nor statements of affectedness you would need to find this out. is 1.8 affected? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c9 --- Comment #9 from Chunyan Liu <cyliu@suse.com> 2014-09-17 06:52:38 UTC --- (In reply to comment #8)
As wireshark 1.8 is not getting updates from wireshark.org nor statements of affectedness you would need to find this out.
is 1.8 affected?
Yes, all affect 1.8, which is used in SLE-11 SP3, we need to backport. But looking at openSUSE:Factory, wireshark-1.10 can be built sucessfully against SLE-11-SP3, could we update wireshark on SLE-11-SP3 from 1.8 to 1.10? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |897055 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com