Bug 977983 - (CVE-2016-4417) VUL-0: CVE-2016-4417: wireshark: multiple issues in 1.12.x before 1.12.10 and 2.x before 2.0.2
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Lingshan Zhu
Security Team bot
CVSSv2:NVD:CVE-2016-4419:4.3:(AV:N/AC...
Reported: 2016-05-02 07:56 UTC by Sebastian Krahmer
Modified: 2016-11-18 13:29 UTC (History)
Description Sebastian Krahmer 2016-05-02 07:56:15 UTC
Via oss-sec:

there's quite a backlog of Wireshark vulnerabilities which don't
have CVE IDs assigned:

Ixia IxVeriWave file parser crash :
https://www.wireshark.org/security/wnpa-sec-2016-12.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11795

IEEE 802.11 dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-13.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11818

GSM A-bis OML dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-14.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11825

ASN.1 BER dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-15.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106

SPICE dissector large loop :
https://www.wireshark.org/security/wnpa-sec-2016-16.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151

NFS dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-17.html

ASN.1 BER dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11822

NCP dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11591

TShark reassembly crash :
https://www.wireshark.org/security/wnpa-sec-2016-20.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11799

IEEE 802.11 dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-21.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11824
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12187

PKTC dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-22.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12206

PKTC dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-23.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12242

IAX2 infinite loop :
https://www.wireshark.org/security/wnpa-sec-2016-24.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12260

Wireshark and TShark crash :
https://www.wireshark.org/security/wnpa-sec-2016-25.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12268

GSM CBCH dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-26.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12278

MS-WSP dissector crash :
https://www.wireshark.org/security/wnpa-sec-2016-27.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12341
Comment 4 Swamp Workflow Management 2016-05-02 22:00:21 UTC
bugbot adjusting priority
Comment 6 Sebastian Krahmer 2016-05-03 09:01:15 UTC
So basically, only those issues which got a CVE are new and will
be fixed with the new submissions. We will first be releasing
the running update.
Comment 7 Lingshan Zhu 2016-06-06 07:57:17 UTC
(In reply to Sebastian Krahmer from comment #5)

Seems these have not got CVEs yet.

> Just these:
> 
> Ixia IxVeriWave file parser crash :
> https://www.wireshark.org/security/wnpa-sec-2016-12.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11795

I can find this fix in version 2.03, but it is not found in tag 1.12.11. As described in https://www.wireshark.org/security/wnpa-sec-2016-12.html, it only affects v2.0.x.

> 
> IEEE 802.11 dissector crash :
> https://www.wireshark.org/security/wnpa-sec-2016-13.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11818
> 
Only affects v2.0.x; fix not found in tag 1.12.11.

> GSM A-bis OML dissector crash :
> https://www.wireshark.org/security/wnpa-sec-2016-14.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11825
> 

Already fixed in v1.12.10, fix found in tag v1.12.11

> ASN.1 BER dissector crash :
> https://www.wireshark.org/security/wnpa-sec-2016-15.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106
> 

Already fixed in v1.12.10, fix found in tag v1.12.11

> SPICE dissector large loop :
> https://www.wireshark.org/security/wnpa-sec-2016-16.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151
> 

Only affects v2.0.x; fix not found in tag 1.12.11.

> NFS dissector crash :
> https://www.wireshark.org/security/wnpa-sec-2016-17.html
> 
Only affects v2.0.x.

> ASN.1 BER dissector crash :
> https://www.wireshark.org/security/wnpa-sec-2016-18.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11822
> 

Already fixed in v1.12.10
> 
> seem new. The other ones were handled in:
> 
> https://bugzilla.suse.com/show_bug.cgi?id=976944
Comment 8 Lingshan Zhu 2016-06-13 06:56:09 UTC
Close this bug; the CVEs are all fixed in the previous update, version 1.12.10.
Comment 9 Lingshan Zhu 2016-06-22 09:20:25 UTC
Sorry, I didn't know I needed to assign it to the security team after my work.

Assigning this bug to security-team@suse.de; please reassign it to me after everything is done.
Comment 10 Lingshan Zhu 2016-06-24 07:05:18 UTC
Taking it again for my tracking.