Bug 856496 (CVE-2013-7114) - VUL-0: CVE-2013-7114: wireshark: NTLMSSP v2 dissector could crash
Summary: VUL-0: CVE-2013-7114: wireshark: NTLMSSP v2 dissector could crash
Status: RESOLVED FIXED
Alias: CVE-2013-7114
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2014-01-10
Assignee: Chunyan Liu
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp2:55635
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-20 12:10 UTC by Victor Pereira
Modified: 2014-01-21 19:04 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2013-12-20 12:10:40 UTC 
CVE-2013-7114

Wireshark recently made an announcement on their website about new versions launched, which also included some security fixes:
Wireshark 1.8.12: http://www.wireshark.org/lists/wireshark-announce/201312/msg00001.html
Wireshark 1.10.4: http://www.wireshark.org/lists/wireshark-announce/201312/msg00000.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1044510
https://bugs.gentoo.org/show_bug.cgi?id=494612
Comment 1 Swamp Workflow Management 2013-12-20 23:00:22 UTC 
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2013-12-27 11:04:12 UTC 
The SWAMPID for this issue is 55633.
This issue was rated as moderate.
Please submit fixed packages until 2014-01-10.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Sebastian Krahmer 2014-01-21 11:52:54 UTC 
released
Comment 5 Swamp Workflow Management 2014-01-21 14:55:02 UTC 
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 6 Swamp Workflow Management 2014-01-21 15:04:52 UTC 
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 7 Swamp Workflow Management 2014-01-21 15:05:54 UTC 
Update released for: wireshark, wireshark-debuginfo, wireshark-debugsource, wireshark-devel
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 8 Swamp Workflow Management 2014-01-21 19:04:33 UTC 
SUSE-SU-2014:0115-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 855980,856496,856498
CVE References: CVE-2013-7112,CVE-2013-7113,CVE-2013-7114
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Server 11 SP3 (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Server 11 SP2 for VMware (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Server 11 SP2 (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    wireshark-1.8.12-0.2.1
SUSE Linux Enterprise Desktop 11 SP2 (src):    wireshark-1.8.12-0.2.1