openSUSE-SU-2014:0382-1: moderate: wireshark to 1.8.13/1.10.6 - openSUSE Updates

17 Mar 2014


      openSUSE Security Update: wireshark to 1.8.13/1.10.6
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2014:0382-1
Rating:             moderate
References:         #867485 
Cross-References:   CVE-2014-2281 CVE-2014-2282 CVE-2014-2283
                    CVE-2014-2299
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
Wireshark was updated to version 1.8.13 on openSUSE 12.3
   and 1.10.6 on openSUSE 13.1 to fix security issues and bugs.
Wireshark update to 1.8.13 [bnc#867485]
   + vulnerabilities fixed:
   * The NFS dissector could crash wnpa-sec-2014-01
   CVE-2014-2281
   * The RLC dissector could crash wnpa-sec-2014-03
   CVE-2014-2283
   * The MPEG file parser could overflow a buffer
   wnpa-sec-2014-04 CVE-2014-2299
   + Further bug fixes and updated protocol support as
   listed in:
   https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.htm
   l
Wireshark update to 1.10.6 [bnc#867485]
   + vulnerabilities fixed:
   * The NFS dissector could crash wnpa-sec-2014-01
   CVE-2014-2281
   * The M3UA dissector could crash wnpa-sec-2014-02
   CVE-2014-2282
   * The RLC dissector could crash wnpa-sec-2014-03
   CVE-2014-2283
   * The MPEG file parser could overflow a buffer
   wnpa-sec-2014-04 CVE-2014-2299
   + Further bug fixes and updated protocol support as
   listed in:
   https://www.wireshark.org/docs/relnotes/wireshark-1.10.6.htm
   l
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-214
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-214
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
wireshark-1.10.6-8.1
      wireshark-debuginfo-1.10.6-8.1
      wireshark-debugsource-1.10.6-8.1
      wireshark-devel-1.10.6-8.1
- openSUSE 12.3 (i586 x86_64):
wireshark-1.8.13-1.32.1
      wireshark-debuginfo-1.8.13-1.32.1
      wireshark-debugsource-1.8.13-1.32.1
      wireshark-devel-1.8.13-1.32.1
References:
http://support.novell.com/security/cve/CVE-2014-2281.html
   http://support.novell.com/security/cve/CVE-2014-2282.html
   http://support.novell.com/security/cve/CVE-2014-2283.html
   http://support.novell.com/security/cve/CVE-2014-2299.html
   https://bugzilla.novell.com/867485