Mageia alert MGASA-2012-0134 (wireshark) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0134: wireshark-1.6.8-1.mga2 (2/core) 
Date:
    	       Wed, 27 Jun 2012 18:42:26 +0200
Message-ID:
    	       <20120627164226.GA19306@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0134
Date: 	June 27th, 2012
Affected releases: 	2


Description:
This wireshark update addresses the following CVEs:

Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3,
LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti
(http://www.wireshark.org/security/wnpa-sec-2012-08.html

[CVE-2012-2392])

The DIAMETER dissector could try to allocate memory improperly and crash
(http://www.wireshark.org/security/wnpa-sec-2012-09.html

[CVE-2012-2393])

Wireshark could crash on SPARC processors due to misaligned memory.
Discovered by Klaus Heckelmann
(http://www.wireshark.org/security/wnpa-sec-2012-10.html

[CVE-2012-2394])

Other fixes in this release:
fixes 12 various other bugs (not security-related)


Updated Packages:
dumpcap-1.6.8-1.mga2
lib(64)wireshark1-1.6.8-1.mga2
lib(64)wireshark-devel-1.6.8-1.mga2
rawshark-1.6.8-1.mga2
tshark-1.6.8-1.mga2
wireshark-1.6.8-1.mga2
wireshark-tools-1.6.8-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394

https://bugs.mageia.org/show_bug.cgi?id=6543

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)