Bug 820566 - VUL-0: wireshark: security updates to 1.8.7 and 1.6.15
Status: VERIFIED FIXED
Classification: openSUSE
Product: openSUSE 12.3
Component: Security
Version: Final
Hardware: All openSUSE 12.3
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:NVD:CVE-2013-2486:6.1:(AV:A/A...
Reported: 2013-05-18 05:35 UTC by Andreas Stieger
Modified: 2018-10-19 18:09 UTC

Description Andreas Stieger 2013-05-18 05:35:08 UTC
User-Agent:       Mozilla/5.0 (X11; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0

https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html

wnpa-sec-2013-23
CVE-2013-2486
CVE-2013-2487
The RELOAD dissector could go into an infinite loop.

wnpa-sec-2013-24
The GTPv2 dissector could crash.

wnpa-sec-2013-25
The ASN.1 BER dissector could crash.

wnpa-sec-2013-26
The PPP CCP dissector could crash.

wnpa-sec-2013-27
The DCP ETSI dissector could crash.

wnpa-sec-2013-28
The MPEG DSM-CC dissector could crash.

wnpa-sec-2013-29
The Websocket dissector could crash.

wnpa-sec-2013-30
The MySQL dissector could go into an infinite loop.

wnpa-sec-2013-31
The ETCH dissector could go into a large loop.



https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html

1.6.15
wnpa-sec-2013-25
The ASN.1 BER dissector could crash

Reproducible: Always

Comment 1 Bernhard Wiedemann 2013-05-18 07:00:28 UTC
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/176026 Factory / wireshark
Comment 2 Andreas Stieger 2013-05-18 07:04:02 UTC
maintenance request for openSUSE 12.1 through 12.3:
https://build.opensuse.org/request/show/176027
Comment 3 Bernhard Wiedemann 2013-05-23 06:01:16 UTC
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/176385 Maintenance / 
https://build.opensuse.org/request/show/176386 Evergreen:11.2 / wireshark
Comment 4 Andreas Stieger 2013-05-23 19:35:54 UTC
Additional CVEs updated from http://seclists.org/oss-sec/2013/q2/378

The RELOAD dissector could go into an infinite loop
wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487

The GTPv2 dissector could crash.
wnpa-sec-2013-24 CVE-2013-3555

The ASN.1 BER dissector could crash.
wnpa-sec-2013-25 CVE-2013-3556 CVE-2013-3557

The PPP CCP dissector could crash.
wnpa-sec-2013-26 CVE-2013-3558

The DCP ETSI dissector could crash.
wnpa-sec-2013-27 CVE-2013-3559

The MPEG DSM-CC dissector could crash.
wnpa-sec-2013-28 CVE-2013-3560

The Websocket dissector could crash.
wnpa-sec-2013-29 CVE-2013-3561 CVE-2013-3562

The MySQL dissector could go into an infinite loop.
wnpa-sec-2013-30 CVE-2013-3561

The ETCH dissector could go into a large loop.
wnpa-sec-2013-31 CVE-2013-3561



Should the update be adjusted accordingly?
Comment 5 Bernhard Wiedemann 2013-05-23 20:00:26 UTC
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/176451 Factory / wireshark
Comment 6 Swamp Workflow Management 2013-05-31 14:06:22 UTC
openSUSE-SU-2013:0848-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 820566
CVE References: CVE-2013-2486,CVE-2013-2487
Sources used:
openSUSE 12.2 (src):    wireshark-1.8.7-1.27.1
openSUSE 12.1 (src):    wireshark-1.8.7-3.45.1
Comment 7 Bernhard Wiedemann 2013-06-02 21:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (820566) was mentioned in
https://build.opensuse.org/request/show/177210 Evergreen:11.2 / wireshark
Comment 8 Andreas Stieger 2013-06-07 14:08:17 UTC
update released, closing.
Comment 9 Swamp Workflow Management 2013-06-10 09:17:21 UTC
openSUSE-SU-2013:0911-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 820566
CVE References: CVE-2013-2486,CVE-2013-2487
Sources used:
openSUSE 11.4 (src):    wireshark-1.8.7-45.1
Comment 10 Swamp Workflow Management 2013-06-10 10:14:34 UTC
openSUSE-SU-2013:0947-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 820566
CVE References: CVE-2013-2486,CVE-2013-2487
Sources used:
openSUSE 12.3 (src):    wireshark-1.8.7-1.8.1