SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2015:1713-1)

Wireshark has been updated to 1.12.7. FATE319388 The following vulnerabilities have been fixed : - Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 - Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 - Wireshark could cras...

SUSE-SU-2015:1713-1 Security update for wireshark

Wireshark has been updated to 1.12.7. FATE319388 The following vulnerabilities have been fixed: Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 Wireshark could crash when...

[USN-2735-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2735-1 September 08, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2735-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2735-1 advisory. It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted...

Ubuntu: Security Advisory (USN-2735-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : wireshark -- multiple vulnerabilities (9bdd8eb5-564a-11e5-9ad8-14dae9d210b8)

Wireshark development team reports : The following vulnerabilities have been fixed. - wnpa-sec-2015-21 Protocol tree crash. Bug 11309 - wnpa-sec-2015-22 Memory manager crash. Bug 11373 - wnpa-sec-2015-23 Dissector table crash. Bug 11381 - wnpa-sec-2015-24 ZigBee crash. Bug 11389 - wnpa-sec-2015-2...

USN-2735-1: Oxide vulnerabilities

It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...

Design/Logic Flaw

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

CVE-2015-1291

CVE-2015-1291 is a concrete Chrome/Blink vulnerability: the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp fails to validate node types, enabling a remote attacker to bypass same-origin policy or trigger a denial of service (DOM tree corruption) through crafted JavaScript...

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

CVE-2015-1291

Removed by vendor...

Wireshark protocol-tree denial-of-service vulnerability

Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A security vulnerability exists in the 'prototreeaddbytesitem' function in the epan/proto.c file in the protocol-tree implementation of Wireshark versions 1.12.7 prior to 1.12.x. T...

Code injection

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

CVE-2015-6241

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

UBUNTU-CVE-2015-6241

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

CVE-2015-6241

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

DEBIAN-CVE-2015-6241

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

CVE-2015-6241

The prototreeaddbytesitem function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service application crash vi...

CVE-2015-6241

Wireshark 1.12.x before 1.12.7 is vulnerable to CVE-2015-6241 due to proto_tree_add_bytes_item not terminating a data structure after failing to locate a number in a string, enabling remote crafted packets to cause a denial of service (crash). The issue affects the protocol-tree code in epan/prot...