openSUSE Security Update: update for wireshark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0657-1 Rating: moderate References: #763634 Cross-References: CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update is a maintenance release of Wireshark. It fixes some vulererabilities when dissecting certain protocols. As packages for these protocols may be received over the network, an attacker may trigger infinite or large loops or crashes of the dissector. Wireshark release notes and advisories: - http://www.wireshark.org/docs/relnotes/wireshark-1.4.13.html - http://www.wireshark.org/security/wnpa-sec-2012-08.html * CVE-2012-2392 - http://www.wireshark.org/security/wnpa-sec-2012-09.html * CVE-2012-2393 - http://www.wireshark.org/security/wnpa-sec-2012-10.html * CVE-2012-2394 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-297 - openSUSE 11.4: zypper in -t patch openSUSE-2012-297 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): wireshark-1.4.13-3.12.1 wireshark-debuginfo-1.4.13-3.12.1 wireshark-debugsource-1.4.13-3.12.1 wireshark-devel-1.4.13-3.12.1 - openSUSE 11.4 (i586 x86_64): wireshark-1.4.13-0.14.1 wireshark-debuginfo-1.4.13-0.14.1 wireshark-debugsource-1.4.13-0.14.1 wireshark-devel-1.4.13-0.14.1 References: http://support.novell.com/security/cve/CVE-2012-2392.html http://support.novell.com/security/cve/CVE-2012-2393.html http://support.novell.com/security/cve/CVE-2012-2394.html https://bugzilla.novell.com/763634