openSUSE alert openSUSE-SU-2012:1633-1 (wireshark) [LWN.net]


From:
    	       opensuse-security@opensuse.org 
To:
    	       opensuse-updates@opensuse.org 
Subject:
    	       openSUSE-SU-2012:1633-1: moderate: wireshark to 1.8.4 
Date:
    	       Mon, 10 Dec 2012 12:08:39 +0100 (CET)
Message-ID:
    	       <20121210110839.861F732160@maintenance.suse.de>
Archive-link:
    	       Article, Thread
              
   openSUSE Security Update: wireshark to 1.8.4
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1633-1
Rating:             moderate
References:         #780669 #792005 
Cross-References:   CVE-2012-5592 CVE-2012-5593 CVE-2012-5594
                    CVE-2012-5595 CVE-2012-5596 CVE-2012-5597
                    CVE-2012-5598 CVE-2012-5599 CVE-2012-5600
                    CVE-2012-5601 CVE-2012-5602
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update fixes the following issues for wireshark:

   - Security update to 1.8.4:

   https://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
   http://seclists.org/oss-sec/2012/q4/378

   CVE-2012-5592 Wireshark #1 pcap-ng hostname disclosure
   (wnpa-sec-2012-30)

   CVE-2012-5593 Wireshark #2 DoS (infinite loop) in the USB
   dissector (wnpa-sec-2012-31)

   CVE-2012-5594 Wireshark #3 DoS (infinite loop) in the sFlow
   dissector (wnpa-sec-2012-32)

   CVE-2012-5595 Wireshark #4 DoS (infinite loop) in the SCTP
   dissector (wnpa-sec-2012-33)

   CVE-2012-5596 Wireshark #5 DoS (infinite loop) in the EIGRP
   dissector (wnpa-sec-2012-34)

   CVE-2012-5597 Wireshark #6 DoS (crash) in the ISAKMP
   dissector (wnpa-sec-2012-35)

   CVE-2012-5598 Wireshark #7 DoS (infinite loop) in the iSCSI
   dissector (wnpa-sec-2012-36)

   CVE-2012-5599 Wireshark #8 DoS (infinite loop) in the WTP
   dissector (wnpa-sec-2012-37)

   CVE-2012-5600 Wireshark #9 DoS (infinite loop) in the RTCP
   dissector (wnpa-sec-2012-38)

   CVE-2012-5601 Wireshark #10 DoS (infinite loop) in the
   3GPP2 A11 dissector (wnpa-sec-2012-39)

   CVE-2012-5602 Wireshark #11 DoS (infinite loop) in the
   ICMPv6 dissector (wnpa-sec-2012-40)

   And also the bugfix:
   - bnc#780669: change wireshark.spec BuildRequires lua-devel
   to lua51-devel to fix lua-support in openSUSE 12.2


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-844

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-844

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.2 (i586 x86_64):

      wireshark-1.8.4-1.15.1
      wireshark-debuginfo-1.8.4-1.15.1
      wireshark-debugsource-1.8.4-1.15.1
      wireshark-devel-1.8.4-1.15.1

   - openSUSE 12.1 (i586 x86_64):

      wireshark-1.8.4-3.33.1
      wireshark-debuginfo-1.8.4-3.33.1
      wireshark-debugsource-1.8.4-3.33.1
      wireshark-devel-1.8.4-3.33.1


References:

   http://support.novell.com/security/cve/CVE-2012-5592.html
   http://support.novell.com/security/cve/CVE-2012-5593.html
   http://support.novell.com/security/cve/CVE-2012-5594.html
   http://support.novell.com/security/cve/CVE-2012-5595.html
   http://support.novell.com/security/cve/CVE-2012-5596.html
   http://support.novell.com/security/cve/CVE-2012-5597.html
   http://support.novell.com/security/cve/CVE-2012-5598.html
   http://support.novell.com/security/cve/CVE-2012-5599.html
   http://support.novell.com/security/cve/CVE-2012-5600.html
   http://support.novell.com/security/cve/CVE-2012-5601.html
   http://support.novell.com/security/cve/CVE-2012-5602.html
   https://bugzilla.novell.com/780669
   https://bugzilla.novell.com/792005
(Log in to post comments)