Bug 783275

Summary: wireshark maintenance update to 1.8.3
Product: [openSUSE] openSUSE 12.2 Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Security Team bot <security-team>
Status: VERIFIED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner
Version: Final   
Target Milestone: ---   
Hardware: All   
OS: openSUSE 12.2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2012-10-02 20:09:49 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0

From https://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html

The HSRP dissector could go into an infinite loop.
wnpa-sec-2012-26 CVE-2012-5237

The PPP dissector could abort.
wnpa-sec-2012-27 CVE-2012-5238

Martin Wilck discovered an infinite loop in the DRDA dissector.
wnpa-sec-2012-28 CVE-2012-5239 CVE-2012-3548 (see bnc#778000)

Laurent Butti discovered a buffer overflow in the LDP dissector.
wnpa-sec-2012-29 CVE-2012-5240

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Comment 1 Andreas Stieger 2012-10-02 20:11:30 UTC 
As per bnc#781594, also this should also be a maintenance update to 11.4 and 12.1 as wireskark 1.4 is EOL.
Comment 2 Bernhard Wiedemann 2012-10-02 22:00:13 UTC 
This is an autogenerated message for OBS integration:
This bug (783275) was mentioned in
https://build.opensuse.org/request/show/136811 Factory / wireshark
Comment 3 Andreas Stieger 2012-10-02 22:55:41 UTC 
MR: https://build.opensuse.org/request/show/136821 (11.4, 12.1, from 1.4.13)
MR: https://build.opensuse.org/request/show/136823 (12.2)
Comment 4 Marcus Meissner 2012-10-03 12:36:37 UTC 
*** Bug 778000 has been marked as a duplicate of this bug. ***
Comment 5 Swamp Workflow Management 2012-10-11 08:08:48 UTC 
openSUSE-SU-2012:1328-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 781594,783275
CVE References: 
Sources used:
openSUSE 12.2 (src):    wireshark-1.8.3-1.7.1
openSUSE 12.1 (src):    wireshark-1.8.3-3.29.1
openSUSE 11.4 (src):    wireshark-1.8.3-29.1
Comment 6 Bernhard Wiedemann 2012-10-19 06:01:16 UTC 
This is an autogenerated message for OBS integration:
This bug (783275) was mentioned in
https://build.opensuse.org/request/show/138778 Evergreen:11.2 / wireshark
Comment 7 Andreas Stieger 2012-11-13 22:41:39 UTC 
Update released, closing.