Bug 807942 - VUL-0: wireshark update to 1.8.6
Status: RESOLVED FIXED
Duplicates: 814816
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All openSUSE 12.2
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp1:51607 maint:...
Reported: 2013-03-06 23:57 UTC by Andreas Stieger
Modified: 2019-05-01 16:03 UTC (History)

Description Andreas Stieger 2013-03-06 23:57:23 UTC

A bugfix release for Wireshark fixes security issues and bugs.
From https://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html

The TCP dissector could crash.
wnpa-sec-2013-10 CVE-2013-2475

The HART/IP dissector could go into an infinite loop.
wnpa-sec-2013-11 CVE-2013-2476

The CSN.1 dissector could crash.
wnpa-sec-2013-12 CVE-2013-2477

The MS-MMS dissector could crash.
wnpa-sec-2013-13 CVE-2013-2478

The MPLS Echo dissector could go into an infinite loop. 
wnpa-sec-2013-14 CVE-2013-2479

The RTPS and RTPS2 dissectors could crash.
wnpa-sec-2013-15 CVE-2013-2480

The Mount dissector could crash.
wnpa-sec-2013-16 CVE-2013-2481

The AMPQ dissector could go into an infinite loop.
wnpa-sec-2013-17 CVE-2013-2482

The ACN dissector could attempt to divide by zero.
wnpa-sec-2013-18 CVE-2013-2483

The CIMD dissector could crash.
wnpa-sec-2013-19 CVE-2013-2484

The FCSP dissector could go into an infinite loop.
wnpa-sec-2013-20 CVE-2013-2485

The RELOAD dissector could go into an infinite loop.
wnpa-sec-2013-21 CVE-2013-2486 CVE-2013-2487

The DTLS dissector could crash.
wnpa-sec-2013-22 CVE-2013-2488 

Reproducible: Always




Some of these also affect the oldstable 1.6.x series (in SLE) for which 1.6.14 is available.
https://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
Comment 1 Andreas Stieger 2013-03-07 08:45:11 UTC
Submit request network:utilities / wireshark to openSUSE:Factory / wireshark
https://build.opensuse.org/request/show/157611

Maintenance request for 12.1, 12.2, 12.3:
https://build.opensuse.org/request/show/157612
Comment 2 Marcus Meissner 2013-03-08 15:35:27 UTC
thanks!
opensuse looks good.
Comment 3 Swamp Workflow Management 2013-03-08 15:40:41 UTC
The SWAMPID for this issue is 51554.
This issue was rated as moderate.
Please submit fixed packages until 2013-03-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Bernhard Wiedemann 2013-03-14 07:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (807942) was mentioned in
https://build.opensuse.org/request/show/159273 Maintenance /
Comment 7 Bernhard Wiedemann 2013-03-14 09:00:37 UTC
This is an autogenerated message for OBS integration:
This bug (807942) was mentioned in
https://build.opensuse.org/request/show/159285 Evergreen:11.2 / wireshark
Comment 8 Swamp Workflow Management 2013-03-20 10:04:31 UTC
openSUSE-SU-2013:0494-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 807942
CVE References: CVE-2013-2475,CVE-2013-2476,CVE-2013-2477,CVE-2013-2478,CVE-2013-2479,CVE-2013-2480,CVE-2013-2481,CVE-2013-2482,CVE-2013-2483,CVE-2013-2484,CVE-2013-2485,CVE-2013-2486,CVE-2013-2487,CVE-2013-2488
Sources used:
openSUSE 12.3 (src):    wireshark-1.8.6-1.4.1
openSUSE 12.2 (src):    wireshark-1.8.6-1.23.1
openSUSE 12.1 (src):    wireshark-1.8.6-3.41.1
Comment 9 Swamp Workflow Management 2013-03-20 13:05:56 UTC
openSUSE-SU-2013:0506-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 807942
CVE References: CVE-2013-2475,CVE-2013-2476,CVE-2013-2477,CVE-2013-2478,CVE-2013-2479,CVE-2013-2480,CVE-2013-2481,CVE-2013-2482,CVE-2013-2483,CVE-2013-2484,CVE-2013-2485,CVE-2013-2486,CVE-2013-2487,CVE-2013-2488
Sources used:
openSUSE 11.4 (src):    wireshark-1.8.6-41.1
Comment 10 Bernhard Wiedemann 2013-03-21 07:00:34 UTC
This is an autogenerated message for OBS integration:
This bug (807942) was mentioned in
https://build.opensuse.org/request/show/160383 Evergreen:11.2 / wireshark
Comment 11 Alexander Bergmann 2013-04-18 12:21:25 UTC
*** Bug 814816 has been marked as a duplicate of this bug. ***
Comment 12 Alexander Bergmann 2013-04-18 12:27:31 UTC
CVE-2012-6054 and CVE-2012-6056 are fixed with release 1.6.14 and 1.8.4.
Comment 13 Alexander Bergmann 2013-04-26 07:42:47 UTC
Packages released. Closing bug.
Comment 14 Swamp Workflow Management 2013-04-26 08:04:33 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 15 Swamp Workflow Management 2013-04-26 10:01:24 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 16 Swamp Workflow Management 2013-04-26 10:20:35 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 17 Swamp Workflow Management 2013-04-26 11:04:47 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)