openSUSE Security Update: wireshark to 1.8.4 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0151-1 Rating: moderate References: #780669 #792005 Cross-References: CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 Affected Products: openSUSE 11.4/standard/i586/patchinfo.29 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update fixes the following issues for wireshark: - Security update to 1.8.4: https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html http://seclists.org/oss-sec/2012/q4/378 CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure (wnpa-sec-2012-30) CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB dissector (wnpa-sec-2012-31) CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow dissector (wnpa-sec-2012-32) CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33) CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP dissector (wnpa-sec-2012-34) CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35) CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36) CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37) CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38) CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the 3GPP2 A11 dissector (wnpa-sec-2012-39) CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the ICMPv6 dissector (wnpa-sec-2012-40) And also the bugfix: - bnc#780669: change wireshark.spec BuildRequires lua-devel to lua51-devel to fix lua-support in openSUSE 12.2 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4/standard/i586/patchinfo.29: zypper in -t patch 2012-18 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4/standard/i586/patchinfo.29 (i586 x86_64): wireshark-1.8.4-33.1 wireshark-debuginfo-1.8.4-33.1 wireshark-debugsource-1.8.4-33.1 wireshark-devel-1.8.4-33.1 References: http://support.novell.com/security/cve/CVE-2012-5592.html http://support.novell.com/security/cve/CVE-2012-5593.html http://support.novell.com/security/cve/CVE-2012-5594.html http://support.novell.com/security/cve/CVE-2012-5595.html http://support.novell.com/security/cve/CVE-2012-5596.html http://support.novell.com/security/cve/CVE-2012-5597.html http://support.novell.com/security/cve/CVE-2012-5598.html http://support.novell.com/security/cve/CVE-2012-5599.html http://support.novell.com/security/cve/CVE-2012-5600.html http://support.novell.com/security/cve/CVE-2012-5601.html http://support.novell.com/security/cve/CVE-2012-5602.html https://bugzilla.novell.com/780669 https://bugzilla.novell.com/792005