Bug 867485 - (CVE-2014-2281) VUL-0: wireshark 1.10.6 and 1.8.13 maintenance releases fix several vulnerabilities
(CVE-2014-2281)
VUL-0: wireshark 1.10.6 and 1.8.13 maintenance releases fix several vulnerabi...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All All
: P3 - Medium : Normal
: ---
Assigned To: Chunyan Liu
Security Team bot
maint:released:sle11-sp1:56779 maint...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-08 10:02 UTC by Andreas Stieger
Modified: 2014-07-24 10:00 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2014-03-08 10:02:24 UTC
User-Agent:       Mozilla/5.0 (X11; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0

https://www.wireshark.org/docs/relnotes/wireshark-1.10.6.html

* The NFS dissector could crash
  wnpa-sec-2014-01 CVE-2014-2281
* The M3UA dissector could crash
  wnpa-sec-2014-02 CVE-2014-2282
* The RLC dissector could crash
  wnpa-sec-2014-03 CVE-2014-2283
* The MPEG file parser could overflow a buffer
  wnpa-sec-2014-04 CVE-2014-2299

https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.html

* The NFS dissector could crash
  wnpa-sec-2014-01 CVE-2014-2281
* The RLC dissector could crash
  wnpa-sec-2014-03 CVE-2014-2283
* The MPEG file parser could overflow a buffer
  wnpa-sec-2014-04 CVE-2014-2299

Reproducible: Didn't try
Comment 1 Andreas Stieger 2014-03-08 11:32:54 UTC
Maintenance request for openSUSE 12.3 and 13.1:
https://build.opensuse.org/request/show/225145
Comment 2 Bernhard Wiedemann 2014-03-08 12:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (867485) was mentioned in
https://build.opensuse.org/request/show/225147 Factory / wireshark
Comment 3 Marcus Meissner 2014-03-13 10:23:58 UTC
CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299
Comment 4 Swamp Workflow Management 2014-03-17 09:04:36 UTC
openSUSE-SU-2014:0382-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 867485
CVE References: CVE-2014-2281,CVE-2014-2282,CVE-2014-2283,CVE-2014-2299
Sources used:
openSUSE 13.1 (src):    wireshark-1.10.6-8.1
openSUSE 12.3 (src):    wireshark-1.8.13-1.32.1
Comment 5 Swamp Workflow Management 2014-03-17 10:04:19 UTC
openSUSE-SU-2014:0383-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 867485
CVE References: CVE-2014-2281,CVE-2014-2283,CVE-2014-2299
Sources used:
openSUSE 11.4 (src):    wireshark-1.8.13-69.1
Comment 8 Swamp Workflow Management 2014-03-25 09:35:43 UTC
The SWAMPID for this issue is 56778.
This issue was rated as moderate.
Please submit fixed packages until 2014-04-08.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 9 SMASH SMASH 2014-03-25 09:40:11 UTC
Affected packages:

SLE-11-SP3: wireshark
SLE-10-SP3-TERADATA: wireshark
Comment 10 Swamp Workflow Management 2014-04-07 07:06:09 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 11 Swamp Workflow Management 2014-04-07 09:04:21 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 12 Swamp Workflow Management 2014-04-07 23:13:01 UTC
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 13 Swamp Workflow Management 2014-04-08 03:04:23 UTC
SUSE-SU-2014:0487-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 867485
CVE References: CVE-2014-2281,CVE-2014-2282,CVE-2014-2283,CVE-2014-2299
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    wireshark-1.8.13-0.5.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    wireshark-1.8.13-0.5.1
SUSE Linux Enterprise Server 11 SP3 (src):    wireshark-1.8.13-0.5.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    wireshark-1.8.13-0.5.1
Comment 14 Alexander Bergmann 2014-04-09 07:51:39 UTC
Fixed and released. Closing bug.