[Bug 889854] New: Wireshark 1.10.9 fixes several crashes triggered by malformed protocol packages
https://bugzilla.novell.com/show_bug.cgi?id=889854 https://bugzilla.novell.com/show_bug.cgi?id=889854#c0 Summary: Wireshark 1.10.9 fixes several crashes triggered by malformed protocol packages Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 https://www.wireshark.org/lists/wireshark-announce/201407/msg00002.html https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html Versions affected: 1.10.0 to 1.10.8. (openSUSE 13.1) * The Catapult DCT2000 and IrDA dissectors could underrun a buffer. wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 * The GSM Management dissector could crash. wnpa-sec-2014-09 CVE-2014-5163 * The RLC dissector could crash. wnpa-sec-2014-10 CVE-2014-5164 * The ASN.1 BER dissector could crash. wnpa-sec-2014-11 CVE-2014-5165 Reproducible: Didn't try -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c1
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c3
Chunyan Liu
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c4
--- Comment #4 from Chunyan Liu
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c5
--- Comment #5 from Chunyan Liu
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c6
--- Comment #6 from Chunyan Liu
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c7
Alexander Bergmann
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c8
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c9
--- Comment #9 from Chunyan Liu
As wireshark 1.8 is not getting updates from wireshark.org nor statements of affectedness you would need to find this out.
is 1.8 affected?
Yes, all affect 1.8, which is used in SLE-11 SP3, we need to backport. But looking at openSUSE:Factory, wireshark-1.10 can be built sucessfully against SLE-11-SP3, could we update wireshark on SLE-11-SP3 from 1.8 to 1.10? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=889854
https://bugzilla.novell.com/show_bug.cgi?id=889854#c
Andreas Stieger
participants (1)
-
bugzilla_noreply@novell.com