Bugzilla – Bug 867485
VUL-0: wireshark 1.10.6 and 1.8.13 maintenance releases fix several vulnerabilities
Last modified: 2014-07-24 10:00:10 UTC
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:27.0) Gecko/20100101 Firefox/27.0 https://www.wireshark.org/docs/relnotes/wireshark-1.10.6.html * The NFS dissector could crash wnpa-sec-2014-01 CVE-2014-2281 * The M3UA dissector could crash wnpa-sec-2014-02 CVE-2014-2282 * The RLC dissector could crash wnpa-sec-2014-03 CVE-2014-2283 * The MPEG file parser could overflow a buffer wnpa-sec-2014-04 CVE-2014-2299 https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.html * The NFS dissector could crash wnpa-sec-2014-01 CVE-2014-2281 * The RLC dissector could crash wnpa-sec-2014-03 CVE-2014-2283 * The MPEG file parser could overflow a buffer wnpa-sec-2014-04 CVE-2014-2299 Reproducible: Didn't try
Maintenance request for openSUSE 12.3 and 13.1: https://build.opensuse.org/request/show/225145
This is an autogenerated message for OBS integration: This bug (867485) was mentioned in https://build.opensuse.org/request/show/225147 Factory / wireshark
CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299
openSUSE-SU-2014:0382-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 867485 CVE References: CVE-2014-2281,CVE-2014-2282,CVE-2014-2283,CVE-2014-2299 Sources used: openSUSE 13.1 (src): wireshark-1.10.6-8.1 openSUSE 12.3 (src): wireshark-1.8.13-1.32.1
openSUSE-SU-2014:0383-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 867485 CVE References: CVE-2014-2281,CVE-2014-2283,CVE-2014-2299 Sources used: openSUSE 11.4 (src): wireshark-1.8.13-69.1
The SWAMPID for this issue is 56778. This issue was rated as moderate. Please submit fixed packages until 2014-04-08. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Affected packages: SLE-11-SP3: wireshark SLE-10-SP3-TERADATA: wireshark
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: wireshark, wireshark-debuginfo, wireshark-devel Products: SLE-DEBUGINFO 10-SP3-TERADATA (x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0487-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 867485 CVE References: CVE-2014-2281,CVE-2014-2282,CVE-2014-2283,CVE-2014-2299 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): wireshark-1.8.13-0.5.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): wireshark-1.8.13-0.5.1 SUSE Linux Enterprise Server 11 SP3 (src): wireshark-1.8.13-0.5.1 SUSE Linux Enterprise Desktop 11 SP3 (src): wireshark-1.8.13-0.5.1
Fixed and released. Closing bug.