[Bug 820566] New: wireshark security updates to 1.8.7 and 1.6.15
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c0 Summary: wireshark security updates to 1.8.7 and 1.6.15 Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0 https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-24 The GTPv2 dissector could crash. wnpa-sec-2013-25 The ASN.1 BER dissector could crash. wnpa-sec-2013-26 The PPP CCP dissector could crash. wnpa-sec-2013-27 The DCP ETSI dissector could crash. wnpa-sec-2013-28 The MPEG DSM-CC dissector could crash. wnpa-sec-2013-29 The Websocket dissector could crash. wnpa-sec-2013-30 The MySQL dissector could go into an infinite loop. wnpa-sec-2013-31 The ETCH dissector could go into a large loop. https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html 1.6.15 wnpa-sec-2013-25 The ASN.1 BER dissector could crash Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED AssignedTo|security-team@suse.de |Andreas.Stieger@gmx.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c1 --- Comment #1 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-05-18 09:00:28 CEST --- This is an autogenerated message for OBS integration: This bug (820566) was mentioned in https://build.opensuse.org/request/show/176026 Factory / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c2 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO CC| |cyliu@suse.com InfoProvider| |security-team@suse.de --- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-05-18 07:04:02 UTC --- maintenance request for openSUSE 12.1 through 12.3: https://build.opensuse.org/request/show/176027 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:1689:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|wireshark security updates |VUL-0: wireshark: security |to 1.8.7 and 1.6.15 |updates to 1.8.7 and 1.6.15 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c3 --- Comment #3 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-05-23 08:01:16 CEST --- This is an autogenerated message for OBS integration: This bug (820566) was mentioned in https://build.opensuse.org/request/show/176385 Maintenance / https://build.opensuse.org/request/show/176386 Evergreen:11.2 / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c4 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |Andreas.Stieger@gmx.de InfoProvider|security-team@suse.de | AssignedTo|Andreas.Stieger@gmx.de |security-team@suse.de --- Comment #4 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-05-23 19:35:54 UTC --- Additional CVEs updated from http://seclists.org/oss-sec/2013/q2/378 The RELOAD dissector could go into an infinite loop wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 The GTPv2 dissector could crash. wnpa-sec-2013-24 CVE-2013-3555 The ASN.1 BER dissector could crash. wnpa-sec-2013-25 CVE-2013-3556 CVE-2013-3557 The PPP CCP dissector could crash. wnpa-sec-2013-26 CVE-2013-3558 The DCP ETSI dissector could crash. wnpa-sec-2013-27 CVE-2013-3559 The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28 CVE-2013-3560 The Websocket dissector could crash. wnpa-sec-2013-29 CVE-2013-3561 CVE-2013-3562 The MySQL dissector could go into an infinite loop. wnpa-sec-2013-30 CVE-2013-3561 The ETCH dissector could go into a large loop. wnpa-sec-2013-31 CVE-2013-3561 Should the update be adjusted accordingly? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-05-23 22:00:26 CEST --- This is an autogenerated message for OBS integration: This bug (820566) was mentioned in https://build.opensuse.org/request/show/176451 Factory / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:1689:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> 2013-05-31 14:06:22 UTC --- openSUSE-SU-2013:0848-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 820566 CVE References: CVE-2013-2486,CVE-2013-2487 Sources used: openSUSE 12.2 (src): wireshark-1.8.7-1.27.1 openSUSE 12.1 (src): wireshark-1.8.7-3.45.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c7 --- Comment #7 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-06-02 23:00:25 CEST --- This is an autogenerated message for OBS integration: This bug (820566) was mentioned in https://build.opensuse.org/request/show/177210 Evergreen:11.2 / wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c8 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |FIXED --- Comment #8 from Andreas Stieger <Andreas.Stieger@gmx.de> 2013-06-07 14:08:17 UTC --- update released, closing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c9 --- Comment #9 from Swamp Workflow Management <swamp@suse.de> 2013-06-10 09:17:21 UTC --- openSUSE-SU-2013:0911-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 820566 CVE References: CVE-2013-2486,CVE-2013-2487 Sources used: openSUSE 11.4 (src): wireshark-1.8.7-45.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=820566 https://bugzilla.novell.com/show_bug.cgi?id=820566#c10 --- Comment #10 from Swamp Workflow Management <swamp@suse.de> 2013-06-10 10:14:34 UTC --- openSUSE-SU-2013:0947-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 820566 CVE References: CVE-2013-2486,CVE-2013-2487 Sources used: openSUSE 12.3 (src): wireshark-1.8.7-1.8.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=820566 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| | | |CVSSv2:NVD:CVE-2013-2486:6. | |1:(AV:A/AC:L/Au:N/C:N/I:N/A | |:C) | |CVSSv2:RedHat:CVE-2013-2486 | |:4.3:(AV:N/AC:M/Au:N/C:N/I: | |N/A:P) | |CVSSv2:RedHat:CVE-2013-2487 | |:4.3:(AV:N/AC:M/Au:N/C:N/I: | |N/A:P) -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com