Bug 856495 (CVE-2013-7113) - VUL-0: CVE-2013-7113: wireshark: BSSGP dissector could crash
Summary: VUL-0: CVE-2013-7113: wireshark: BSSGP dissector could crash
Status: RESOLVED FIXED
Alias: CVE-2013-7113
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2014-03-18
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle10-sp3:56536 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-20 12:08 UTC by Victor Pereira
Modified: 2014-03-27 10:03 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2013-12-20 12:08:10 UTC 
CVE-2013-7113

Wireshark recently made an announcement on their website about new version launched, which also included some security fixes:
Wireshark 1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1044509
https://bugs.gentoo.org/show_bug.cgi?id=494612
Comment 1 Swamp Workflow Management 2013-12-20 23:00:18 UTC 
bugbot adjusting priority
Comment 2 Thomas Biege 2014-01-09 15:35:25 UTC 
Upstream patch:

http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803
Comment 3 Thomas Biege 2014-01-09 15:36:46 UTC 
CVE-2013-7113: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Input Validation (CWE-20)
Comment 5 Swamp Workflow Management 2014-03-04 16:35:45 UTC 
The SWAMPID for this issue is 56534.
This issue was rated as moderate.
Please submit fixed packages until 2014-03-18.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Swamp Workflow Management 2014-03-24 16:04:22 UTC 
Update released for: wireshark, wireshark-debuginfo, wireshark-devel
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 7 Swamp Workflow Management 2014-03-24 18:04:22 UTC 
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 8 Swamp Workflow Management 2014-03-24 21:53:11 UTC 
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 9 Swamp Workflow Management 2014-03-25 01:04:25 UTC 
SUSE-SU-2014:0431-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 856495
CVE References: CVE-2013-7113
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    wireshark-1.8.12-0.4.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    wireshark-1.8.12-0.4.1
SUSE Linux Enterprise Server 11 SP3 (src):    wireshark-1.8.12-0.4.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    wireshark-1.8.12-0.4.1
Comment 10 Marcus Meissner 2014-03-27 10:03:16 UTC 
released