openSUSE alert openSUSE-SU-2012:1067-1 (wireshark) [LWN.net]


From:
    	       opensuse-security@opensuse.org 
To:
    	       opensuse-updates@opensuse.org 
Subject:
    	       openSUSE-SU-2012:1067-1: moderate: wireshark: update to 1.8.2 
Date:
    	       Thu, 30 Aug 2012 14:08:33 +0200 (CEST)
Message-ID:
    	       <20120830120833.264103224A@maintenance.suse.de>
Archive-link:
    	       Article, Thread
              
   openSUSE Security Update: wireshark: update to 1.8.2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1067-1
Rating:             moderate
References:         #776083 
Cross-References:   CVE-2012-4285 CVE-2012-4286 CVE-2012-4287
                    CVE-2012-4288 CVE-2012-4289 CVE-2012-4290
                    CVE-2012-4291 CVE-2012-4292 CVE-2012-4293
                    CVE-2012-4294 CVE-2012-4295 CVE-2012-4296
                    CVE-2012-4297 CVE-2012-4298
Affected Products:
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   Wireshark was updated to 1.8.2:
   * The DCP ETSI dissector could trigger a zero division.
   (wnpa-sec-2012-13 CVE-2012-4285)
   * The MongoDB dissector could go into a large loop.
   (wnpa-sec-2012-14 CVE-2012-4287)
   * The XTP dissector could go into an infinite loop.
   (wnpa-sec-2012-15 CVE-2012-4288)
   * The ERF dissector could overflow a buffer.
   (wnpa-sec-2012-16 CVE-2012-4294 CVE-2012-4295)
   * The AFP dissector could go into a large loop.
   (wnpa-sec-2012-17 CVE-2012-4289)
   * The RTPS2 dissector could overflow a buffer.
   (wnpa-sec-2012-18 CVE-2012-4296)
   * The GSM RLC MAC dissector could overflow a buffer.
   (wnpa-sec-2012-19 CVE-2012-4297)
   * The CIP dissector could exhaust system memory.
   (wnpa-sec-2012-20 CVE-2012-4291)
   * The STUN dissector could crash. (wnpa-sec-2012-21
   CVE-2012-4292)
   * The EtherCAT Mailbox dissector could abort.
   (wnpa-sec-2012-22 CVE-2012-4293)
   * The CTDB dissector could go into a large loop.
   (wnpa-sec-2012-23 CVE-2012-4290)
   * The pcap-ng file parser could trigger a zero
   division. (wnpa-sec-2012-24 CVE-2012-4286)
   * The Ixia IxVeriWave file parser could overflow a
   buffer. (wnpa-sec-2012-25 CVE-2012-4298) Further bug fixes
   and updated protocol support as listed in:
   http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-540

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.2 (i586 x86_64):

      wireshark-1.8.2-1.3.1
      wireshark-debuginfo-1.8.2-1.3.1
      wireshark-debugsource-1.8.2-1.3.1
      wireshark-devel-1.8.2-1.3.1


References:

   http://support.novell.com/security/cve/CVE-2012-4285.html
   http://support.novell.com/security/cve/CVE-2012-4286.html
   http://support.novell.com/security/cve/CVE-2012-4287.html
   http://support.novell.com/security/cve/CVE-2012-4288.html
   http://support.novell.com/security/cve/CVE-2012-4289.html
   http://support.novell.com/security/cve/CVE-2012-4290.html
   http://support.novell.com/security/cve/CVE-2012-4291.html
   http://support.novell.com/security/cve/CVE-2012-4292.html
   http://support.novell.com/security/cve/CVE-2012-4293.html
   http://support.novell.com/security/cve/CVE-2012-4294.html
   http://support.novell.com/security/cve/CVE-2012-4295.html
   http://support.novell.com/security/cve/CVE-2012-4296.html
   http://support.novell.com/security/cve/CVE-2012-4297.html
   http://support.novell.com/security/cve/CVE-2012-4298.html
   https://bugzilla.novell.com/776083
(Log in to post comments)