Bug 823932

Summary: VUL-0: wireshark: security updates to 1.8.8
Product: [openSUSE] openSUSE 12.3
Reporter: Andreas Stieger <Andreas.Stieger>
Component: Security
Assignee: Security Team bot <security-team>
Status: VERIFIED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P3 - Medium
CC: meissner
Version: Final
Target Milestone: ---
Hardware: All
OS: openSUSE 12.3
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2013-06-07 14:10:31 UTC
User-Agent:       Mozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0

https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html

    wnpa-sec-2013-32

    The CAPWAP dissector could crash. Discovered by Laurent Butti. (Bug 8725)

    Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.

    wnpa-sec-2013-33

    The GMR-1 BCCH dissector could crash. Discovered by Sylvain Munaut and Laurent Butti. (Bug 7664, Bug 8726)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-34

    The PPP dissector could crash. Discovered by Laurent Butti. (Bug 7880, Bug 8727)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-35

    The NBAP dissector could crash. (Bug 8697)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-36

    The RDP dissector could crash. Discovered by Laurent Butti. (Bug 8729)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-37

    The GSM CBCH dissector could crash. Discovered by Laurent Butti. (Bug 8730)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-38

    The Assa Abloy R3 dissector could consume excessive memory and CPU. (Bug 8764)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-39

    The HTTP dissector could overrun the stack. (Bug 8733)

    Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.

    wnpa-sec-2013-40

    The Ixia IxVeriWave file parser could overflow the heap. Discovered by Sachin Shinde. (Bug 8760)

    Versions affected: 1.8.0 to 1.8.7.

    wnpa-sec-2013-41

    The DCP ETSI dissector could crash. (Bug 8717)

    Versions affected: 1.10.0, 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.

Reproducible: Always

Comment 1 Andreas Stieger 2013-06-07 15:22:33 UTC
maintenance request:
https://build.opensuse.org/request/show/178033
Comment 2 Marcus Meissner 2013-06-14 03:12:32 UTC
thanks, will go its way :)

btw, did you see the crash regression report?
Comment 3 Alexander Bergmann 2013-06-14 03:38:33 UTC
Just opened a new bug for the latest wireshark versions:

Bug#824900: VUL-0: wireshark: security updates to 1.6.16 and 1.8.8

Marking this bug also as VUL-0.
Comment 4 Andreas Stieger 2013-06-14 03:42:56 UTC
(In reply to comment #2)
> thanks, will go its way :)
> 
> btw, did you see the crash regression report?

Yes I saw Bug#824230 - wireshark does not start
Comment 5 Swamp Workflow Management 2013-06-26 08:04:36 UTC
openSUSE-SU-2013:1084-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 823932
CVE References: CVE-2013-3555,CVE-2013-3556,CVE-2013-3557,CVE-2013-3558,CVE-2013-3559,CVE-2013-3560,CVE-2013-3561,CVE-2013-3562
Sources used:
openSUSE 12.3 (src):    wireshark-1.8.8-1.12.1
openSUSE 12.2 (src):    wireshark-1.8.8-1.31.1
Comment 6 Swamp Workflow Management 2013-06-26 09:04:21 UTC
openSUSE-SU-2013:1086-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 823932
CVE References: CVE-2013-3555,CVE-2013-3556,CVE-2013-3557,CVE-2013-3558,CVE-2013-3559,CVE-2013-3560,CVE-2013-3561,CVE-2013-3562
Sources used:
openSUSE 11.4 (src):    wireshark-1.8.8-49.1
Comment 7 Bernhard Wiedemann 2013-06-27 00:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (823932) was mentioned in
https://build.opensuse.org/request/show/181117 Evergreen:11.2 / wireshark
Comment 8 Marcus Meissner 2013-07-05 14:27:38 UTC
SLE issues are tracked in bug 824900

*** This bug has been marked as a duplicate of bug 824900 ***