https://bugzilla.novell.com/show_bug.cgi?id=820566
https://bugzilla.novell.com/show_bug.cgi?id=820566#c0
Summary: wireshark security updates to 1.8.7 and 1.6.15
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: All
OS/Version: openSUSE 12.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: Andreas.Stieger@gmx.de
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---
https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html
wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 The RELOAD dissector could go into an infinite loop.
wnpa-sec-2013-24 The GTPv2 dissector could crash.
wnpa-sec-2013-25 The ASN.1 BER dissector could crash.
wnpa-sec-2013-26 The PPP CCP dissector could crash.
wnpa-sec-2013-27 The DCP ETSI dissector could crash.
wnpa-sec-2013-28 The MPEG DSM-CC dissector could crash.
wnpa-sec-2013-29 The Websocket dissector could crash.
wnpa-sec-2013-30 The MySQL dissector could go into an infinite loop.
wnpa-sec-2013-31 The ETCH dissector could go into a large loop.
https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
1.6.15 wnpa-sec-2013-25 The ASN.1 BER dissector could crash
Reproducible: Always
https://bugzilla.novell.com/show_bug.cgi?id=820566#c
Andreas Stieger Andreas.Stieger@gmx.de changed:
What      |Removed                |Added
----------------------------------------------------------------------------
Priority  |P5 - None              |P3 - Medium
Status    |NEW                    |ASSIGNED
AssignedTo|security-team@suse.de  |Andreas.Stieger@gmx.de
https://bugzilla.novell.com/show_bug.cgi?id=820566#c1
--- Comment #1 from Bernhard Wiedemann bwiedemann@suse.com 2013-05-18 09:00:28 CEST ---
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/176026 Factory / wireshark
https://bugzilla.novell.com/show_bug.cgi?id=820566#c2
Andreas Stieger Andreas.Stieger@gmx.de changed:
What        |Removed   |Added
----------------------------------------------------------------------------
Status      |ASSIGNED  |NEEDINFO
CC          |          |cyliu@suse.com
InfoProvider|          |security-team@suse.de

--- Comment #2 from Andreas Stieger Andreas.Stieger@gmx.de 2013-05-18 07:04:02 UTC ---
maintenance request for openSUSE 12.1 through 12.3:
https://build.opensuse.org/request/show/176027
https://bugzilla.novell.com/show_bug.cgi?id=820566#c
Swamp Workflow Management swamp@suse.de changed:
What             |Removed  |Added
----------------------------------------------------------------------------
Status Whiteboard|         |obs:running:1689:moderate
https://bugzilla.novell.com/show_bug.cgi?id=820566#c
Marcus Meissner meissner@suse.com changed:
What   |Removed                    |Added
----------------------------------------------------------------------------
Summary|wireshark security updates |VUL-0: wireshark: security
       |to 1.8.7 and 1.6.15        |updates to 1.8.7 and 1.6.15
https://bugzilla.novell.com/show_bug.cgi?id=820566#c3
--- Comment #3 from Bernhard Wiedemann bwiedemann@suse.com 2013-05-23 08:01:16 CEST ---
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/176385 Maintenance /
https://build.opensuse.org/request/show/176386 Evergreen:11.2 / wireshark
https://bugzilla.novell.com/show_bug.cgi?id=820566#c4
Andreas Stieger Andreas.Stieger@gmx.de changed:
What        |Removed                |Added
----------------------------------------------------------------------------
Status      |NEEDINFO               |ASSIGNED
CC          |                       |Andreas.Stieger@gmx.de
InfoProvider|security-team@suse.de  |
AssignedTo  |Andreas.Stieger@gmx.de |security-team@suse.de

--- Comment #4 from Andreas Stieger Andreas.Stieger@gmx.de 2013-05-23 19:35:54 UTC ---
Additional CVEs updated from http://seclists.org/oss-sec/2013/q2/378
The RELOAD dissector could go into an infinite loop wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487
The GTPv2 dissector could crash. wnpa-sec-2013-24 CVE-2013-3555
The ASN.1 BER dissector could crash. wnpa-sec-2013-25 CVE-2013-3556 CVE-2013-3557
The PPP CCP dissector could crash. wnpa-sec-2013-26 CVE-2013-3558
The DCP ETSI dissector could crash. wnpa-sec-2013-27 CVE-2013-3559
The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28 CVE-2013-3560
The Websocket dissector could crash. wnpa-sec-2013-29 CVE-2013-3561 CVE-2013-3562
The MySQL dissector could go into an infinite loop. wnpa-sec-2013-30 CVE-2013-3561
The ETCH dissector could go into a large loop. wnpa-sec-2013-31 CVE-2013-3561
Should the update be adjusted accordingly?
https://bugzilla.novell.com/show_bug.cgi?id=820566#c5
--- Comment #5 from Bernhard Wiedemann bwiedemann@suse.com 2013-05-23 22:00:26 CEST ---
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/176451 Factory / wireshark
https://bugzilla.novell.com/show_bug.cgi?id=820566#c
Swamp Workflow Management swamp@suse.de changed:
What             |Removed                    |Added
----------------------------------------------------------------------------
Status Whiteboard|obs:running:1689:moderate  |
https://bugzilla.novell.com/show_bug.cgi?id=820566#c6
--- Comment #6 from Swamp Workflow Management swamp@suse.de 2013-05-31 14:06:22 UTC ---
openSUSE-SU-2013:0848-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 820566
CVE References: CVE-2013-2486,CVE-2013-2487
Sources used:
openSUSE 12.2 (src): wireshark-1.8.7-1.27.1
openSUSE 12.1 (src): wireshark-1.8.7-3.45.1
https://bugzilla.novell.com/show_bug.cgi?id=820566#c7
--- Comment #7 from Bernhard Wiedemann bwiedemann@suse.com 2013-06-02 23:00:25 CEST ---
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/177210 Evergreen:11.2 / wireshark
https://bugzilla.novell.com/show_bug.cgi?id=820566#c8
Andreas Stieger Andreas.Stieger@gmx.de changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Status    |ASSIGNED  |CLOSED
Resolution|          |FIXED

--- Comment #8 from Andreas Stieger Andreas.Stieger@gmx.de 2013-06-07 14:08:17 UTC ---
update released, closing.
https://bugzilla.novell.com/show_bug.cgi?id=820566#c9
--- Comment #9 from Swamp Workflow Management swamp@suse.de 2013-06-10 09:17:21 UTC ---
openSUSE-SU-2013:0911-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 820566
CVE References: CVE-2013-2486,CVE-2013-2487
Sources used:
openSUSE 11.4 (src): wireshark-1.8.7-45.1
https://bugzilla.novell.com/show_bug.cgi?id=820566#c10
--- Comment #10 from Swamp Workflow Management swamp@suse.de 2013-06-10 10:14:34 UTC ---
openSUSE-SU-2013:0947-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 820566
CVE References: CVE-2013-2486,CVE-2013-2487
Sources used:
openSUSE 12.3 (src): wireshark-1.8.7-1.8.1
SMASH SMASH smash_bz@suse.de changed:
What      |Removed |Added
----------------------------------------------------------------------------
Whiteboard|        |CVSSv2:NVD:CVE-2013-2486:6.1:(AV:A/AC:L/Au:N/C:N/I:N/A:C)
          |        |CVSSv2:RedHat:CVE-2013-2486:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P)
          |        |CVSSv2:RedHat:CVE-2013-2487:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P)