[Bug 831718] New: wireshark: security updates to 1.10.1 and 1.8.9
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c0 Summary: wireshark: security updates to 1.10.1 and 1.8.9 Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0
From https://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
The following vulnerabilities have been fixed. wnpa-sec-2013-45 The Bluetooth SDP dissector could go into a large loop. Discovered by Laurent Butti. (Bug 8831) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4927 wnpa-sec-2013-47 The DIS dissector could go into a large loop. (Bug 8911) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4929 wnpa-sec-2013-48 The DVB-CI dissector could crash. Discovered by Laurent Butti. (Bug 8916) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4930 wnpa-sec-2013-49 The GSM RR dissector (and possibly others) could go into a large loop. (Bug 8923) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4931 wnpa-sec-2013-50 The GSM A Common dissector could crash. (Bug 8940) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4932 wnpa-sec-2013-51 The Netmon file parser could crash. Discovered by G. Geshev. (Bug 8742) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4933 CVE-2013-4934 wnpa-sec-2013-52 The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka. (Bug 8722) Versions affected: 1.10.0, 1.8.0 to 1.8.8. CVE-2013-4935
From https://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
The following vulnerabilities have been fixed. wnpa-sec-2013-41 The DCP ETSI dissector could crash. (Bug 8717) Versions affected: 1.10.0, 1.8.0 to 1.8.7 CVE-2013-4083 wnpa-sec-2013-42 The P1 dissector could crash. Discovered by Laurent Butti. (Bug 8826) Versions affected: 1.10.0 CVE-2013-4920 wnpa-sec-2013-43 The Radiotap dissector could crash. Discovered by Laurent Butti. (Bug 8830) Versions affected: 1.10.0 CVE-2013-4921 wnpa-sec-2013-44 The DCOM ISystemActivator dissector could crash. Discovered by Laurent Butti. (Bug 8828) Versions affected: 1.10.0 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 wnpa-sec-2013-45 The Bluetooth SDP dissector could go into a large loop. Discovered by Laurent Butti. (Bug 8831) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4927 wnpa-sec-2013-46 The Bluetooth OBEX dissector could go into an infinite loop. (Bug 8875) Versions affected: 1.10.0 CVE-2013-4928 wnpa-sec-2013-47 The DIS dissector could go into a large loop. (Bug 8911) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4929 wnpa-sec-2013-48 The DVB-CI dissector could crash. Discovered by Laurent Butti. (Bug 8916) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4930 wnpa-sec-2013-49 The GSM RR dissector (and possibly others) could go into a large loop. (Bug 8923) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4931 wnpa-sec-2013-50 The GSM A Common dissector could crash. (Bug 8940) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4932 wnpa-sec-2013-51 The Netmon file parser could crash. Discovered by G. Geshev. (Bug 8742) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4933 CVE-2013-4934 wnpa-sec-2013-52 The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka. (Bug 8722) Versions affected: 1.10.0, 1.8.0 to 1.8.8 CVE-2013-4935 wnpa-sec-2013-53 The PROFINET Real-Time dissector could crash. (Bug 8904) Versions affected: 1.10.0 CVE-2013-4936 Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED AssignedTo|security-team@suse.de |Andreas.Stieger@gmx.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |security-team@suse.de --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-07-26 23:55:05 UTC --- Maintenance request for 1.8.8 -> 1.8.9 for openSUSE 12.2 and 12.3: https://build.opensuse.org/request/show/184463 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-27 02:00:07 CEST --- This is an autogenerated message for OBS integration: This bug (831718) was mentioned in https://build.opensuse.org/request/show/184462 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c3 --- Comment #3 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-27 03:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (831718) was mentioned in https://build.opensuse.org/request/show/184465 Factory / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |meissner@suse.com InfoProvider|security-team@suse.de | Summary|wireshark: security updates |VUL-0: wireshark: security |to 1.10.1 and 1.8.9 |updates to 1.10.1 and 1.8.9 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:1892:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c4 --- Comment #4 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-29 09:00:23 CEST --- This is an autogenerated message for OBS integration: This bug (831718) was mentioned in https://build.opensuse.org/request/show/184572 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:1892:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c5 --- Comment #5 from Swamp Workflow Management <swamp@suse.de> 2013-08-05 09:04:42 UTC --- openSUSE-SU-2013:1295-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 831718 CVE References: CVE-2013-4927,CVE-2013-4929,CVE-2013-4930,CVE-2013-4931,CVE-2013-4932,CVE-2013-4933,CVE-2013-4934,CVE-2013-4935 Sources used: openSUSE 12.3 (src): wireshark-1.8.9-1.16.1 openSUSE 12.2 (src): wireshark-1.8.9-1.35.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> 2013-08-05 12:04:19 UTC --- openSUSE-SU-2013:1300-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 831718 CVE References: CVE-2013-4927,CVE-2013-4929,CVE-2013-4930,CVE-2013-4931,CVE-2013-4932,CVE-2013-4933,CVE-2013-4934,CVE-2013-4935 Sources used: openSUSE 11.4 (src): wireshark-1.8.9-53.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c7 Chunyan Liu <cyliu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cyliu@suse.com --- Comment #7 from Chunyan Liu <cyliu@suse.com> 2013-08-06 07:34:51 UTC --- Updated SLE-11 to 1.8.9. sr#28177 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c9 --- Comment #9 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-08-23 09:00:09 CEST --- This is an autogenerated message for OBS integration: This bug (831718) was mentioned in https://build.opensuse.org/request/show/196054 Evergreen:11.2 / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c10 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #10 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-08-23 12:38:33 UTC --- updates released, closing -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c11 --- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-08-26 08:00:09 CEST --- This is an autogenerated message for OBS integration: This bug (831718) was mentioned in https://build.opensuse.org/request/show/196334 Evergreen:11.2 / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c12 Alexander Bergmann <abergmann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED CC| |abergmann@suse.com Resolution|FIXED | --- Comment #12 from Alexander Bergmann <abergmann@suse.com> 2013-09-10 07:44:36 UTC --- Reopened. Still missing SLE11 updates. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:52994:moderat | |e -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c13 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:52994:moderat |maint:running:52994:moderat |e |e | |maint:running:54386:moderat | |e --- Comment #13 from Swamp Workflow Management <swamp@suse.de> 2013-09-10 08:39:18 UTC --- The SWAMPID for this issue is 54386. This issue was rated as moderate. Please submit fixed packages until 2013-09-24. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c14 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED AssignedTo|Andreas.Stieger@gmx.de |cyliu@suse.com --- Comment #14 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-09-10 09:28:42 UTC --- (In reply to comment #12)
Reopened. Still missing SLE11 updates.
That's odd: (In reply to comment #7)
Updated SLE-11 to 1.8.9. sr#28177
Assigned back to Chun. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c15 --- Comment #15 from Alexander Bergmann <abergmann@suse.com> 2013-09-11 08:42:54 UTC --- Okay, what I actually meant was: "SLE11 is not released yet." This incident should be finished shortly. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c16 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:52994:moderat |maint:running:52994:moderat |e |e |maint:running:54386:moderat |maint:running:54386:moderat |e |e | |maint:released:sle11-sp1:54 | |387 --- Comment #16 from Swamp Workflow Management <swamp@suse.de> 2013-09-12 08:04:22 UTC --- Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-SERVER 11-SP1-TERADATA (x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c17 Alexander Bergmann <abergmann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |FIXED --- Comment #17 from Alexander Bergmann <abergmann@suse.com> 2013-09-12 09:15:16 UTC --- wireshark 1.8.9 was released today. Closing bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c18 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:52994:moderat |maint:running:52994:moderat |e |e |maint:running:54386:moderat |maint:running:54386:moderat |e |e |maint:released:sle11-sp1:54 |maint:released:sle11-sp1:54 |387 |387 | |maint:released:sle11-sp3:54 | |389 --- Comment #18 from Swamp Workflow Management <swamp@suse.de> 2013-09-13 15:54:41 UTC --- Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c19 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:52994:moderat |maint:running:52994:moderat |e |e |maint:running:54386:moderat |maint:running:54386:moderat |e |e |maint:released:sle11-sp1:54 |maint:released:sle11-sp1:54 |387 |387 |maint:released:sle11-sp3:54 |maint:released:sle11-sp3:54 |389 |389 | |maint:released:sle11-sp2:54 | |388 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> 2013-09-13 16:15:00 UTC --- Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:52994:moderat |maint:running:52994:moderat |e |e |maint:running:54386:moderat |maint:released:sle11-sp1:54 |e |387 |maint:released:sle11-sp1:54 |maint:released:sle11-sp3:54 |387 |389 |maint:released:sle11-sp3:54 |maint:released:sle11-sp2:54 |389 |388 |maint:released:sle11-sp2:54 | |388 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=831718 https://bugzilla.novell.com/show_bug.cgi?id=831718#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:52994:moderat |maint:running:52994:moderat |e |e |maint:released:sle11-sp1:54 |maint:released:sle11-sp1:54 |387 |387 |maint:released:sle11-sp3:54 |maint:released:sle11-sp3:54 |389 |389 |maint:released:sle11-sp2:54 |maint:released:sle11-sp2:54 |388 |388 | |maint:running:54386:moderat | |e -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com