Security update for wireshark (important)

2014-09-2700:04:33

lists.opensuse.org

0.011 Low

EPSS

Percentile

82.9%

JSON

The wireshark package was upgraded to 1.10.10 from 1.8.x as 1.8 was
discontinued.

This update fixes vulnerabilities that could allow an attacker to crash
Wireshark or make it become unresponsive by sending specific packets onto
the network or have them loaded via a capture file while the dissectors
are running. It also contains a number of other bug fixes.

   * RTP dissector crash. (wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422)
   * MEGACO dissector infinite loop. (wnpa-sec-2014-13 CVE-2014-6423)
   * Netflow dissector crash. (wnpa-sec-2014-14 CVE-2014-6424)
   * RTSP dissector crash. (wnpa-sec-2014-17 CVE-2014-6427)
   * SES dissector crash. (wnpa-sec-2014-18 CVE-2014-6428)
   * Sniffer file parser crash. (wnpa-sec-2014-19 CVE-2014-6429
     CVE-2014-6430 CVE-2014-6431 CVE-2014-6432)
   * The Catapult DCT2000 and IrDA dissectors could underrun a buffer.
     (wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162, bnc#889901)
   * The GSM Management dissector could crash. (wnpa-sec-2014-09
     CVE-2014-5163, bnc#889906)
   * The RLC dissector could crash. (wnpa-sec-2014-10 CVE-2014-5164,
     bnc#889900)
   * The ASN.1 BER dissector could crash. (wnpa-sec-2014-11
     CVE-2014-5165, bnc#889899)

Further bug fixes as listed in:
<a href=“https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html”>https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html</a>
<<a href=“https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html”>https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html</a>> and
<a href=“https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html”>https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html</a>
<<a href=“https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html”>https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html</a>> .

Security Issues:

   * CVE-2014-5161
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161</a>&gt;
   * CVE-2014-5162
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162</a>&gt;
   * CVE-2014-5163
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163</a>&gt;
   * CVE-2014-5164
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164</a>&gt;
   * CVE-2014-5165
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165</a>&gt;
   * CVE-2014-6421
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421</a>&gt;
   * CVE-2014-6422
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422</a>&gt;
   * CVE-2014-6423
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423</a>&gt;
   * CVE-2014-6424
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424</a>&gt;
   * CVE-2014-6427
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427</a>&gt;
   * CVE-2014-6428
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428</a>&gt;
   * CVE-2014-6429
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429</a>&gt;
   * CVE-2014-6430
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430</a>&gt;
   * CVE-2014-6431
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431</a>&gt;
   * CVE-2014-6432
     &lt;<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432</a>&gt;

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit11.3s390xwireshark-devel< 1.10.10-0.2.1wireshark-devel-1.10.10-0.2.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit11.3i586wireshark-devel< 1.10.10-0.2.1wireshark-devel-1.10.10-0.2.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.3x86_64wireshark< 1.10.10-0.2.1wireshark-1.10.10-0.2.1.x86_64.rpm
SUSE Linux Enterprise Desktop11.3x86_64wireshark< 1.10.10-0.2.1wireshark-1.10.10-0.2.1.x86_64.rpm
SUSE Linux Enterprise Server11.3ppc64wireshark< 1.10.10-0.2.1wireshark-1.10.10-0.2.1.ppc64.rpm
SUSE Linux Enterprise Software Development Kit11.3ppc64wireshark-devel< 1.10.10-0.2.1wireshark-devel-1.10.10-0.2.1.ppc64.rpm
SUSE Linux Enterprise Software Development Kit11.3i586wireshark< 1.10.10-0.2.1wireshark-1.10.10-0.2.1.i586.rpm
SUSE Linux Enterprise Server11.3i586wireshark< 1.10.10-0.2.1wireshark-1.10.10-0.2.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.3ia64wireshark-devel< 1.10.10-0.2.1wireshark-devel-1.10.10-0.2.1.ia64.rpm
SUSE Linux Enterprise Software Development Kit11.3x86_64wireshark-devel< 1.10.10-0.2.1wireshark-devel-1.10.10-0.2.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Software Development Kit	11.3	s390x	wireshark-devel	< 1.10.10-0.2.1	wireshark-devel-1.10.10-0.2.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit	11.3	i586	wireshark-devel	< 1.10.10-0.2.1	wireshark-devel-1.10.10-0.2.1.i586.rpm
SUSE Linux Enterprise Software Development Kit	11.3	x86_64	wireshark	< 1.10.10-0.2.1	wireshark-1.10.10-0.2.1.x86_64.rpm
SUSE Linux Enterprise Desktop	11.3	x86_64	wireshark	< 1.10.10-0.2.1	wireshark-1.10.10-0.2.1.x86_64.rpm
SUSE Linux Enterprise Server	11.3	ppc64	wireshark	< 1.10.10-0.2.1	wireshark-1.10.10-0.2.1.ppc64.rpm
SUSE Linux Enterprise Software Development Kit	11.3	ppc64	wireshark-devel	< 1.10.10-0.2.1	wireshark-devel-1.10.10-0.2.1.ppc64.rpm
SUSE Linux Enterprise Software Development Kit	11.3	i586	wireshark	< 1.10.10-0.2.1	wireshark-1.10.10-0.2.1.i586.rpm
SUSE Linux Enterprise Server	11.3	i586	wireshark	< 1.10.10-0.2.1	wireshark-1.10.10-0.2.1.i586.rpm
SUSE Linux Enterprise Software Development Kit	11.3	ia64	wireshark-devel	< 1.10.10-0.2.1	wireshark-devel-1.10.10-0.2.1.ia64.rpm
SUSE Linux Enterprise Software Development Kit	11.3	x86_64	wireshark-devel	< 1.10.10-0.2.1	wireshark-devel-1.10.10-0.2.1.x86_64.rpm