Debian-LTS alert DLA-198-1 (wireshark)
| From: | Balint Reczey <balint@balintreczey.hu> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 198-1] wireshark security update | |
| Date: | Wed, 22 Apr 2015 11:45:28 +0200 | |
| Message-ID: | <55376DB8.7010100@balintreczey.hu> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package : wireshark Version : 1.8.2-5wheezy15~deb6u1 CVE ID : CVE-2015-2191 CVE-2015-2188 CVE-2015-0564 CVE-2015-0562 CVE-2014-8714 CVE-2014-8713 CVE-2014-8712 CVE-2014-8711 CVE-2014-8710 CVE-2014-6432 CVE-2014-6431 CVE-2014-6430 CVE-2014-6429 CVE-2014-6428 CVE-2014-6423 CVE-2014-6422 The following vulnerabilities were discovered in the Squeeze's Wireshark version: CVE-2015-2188 The WCP dissector could crash CVE-2015-0564 Wireshark could crash while decypting TLS/SSL sessions CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash CVE-2014-8714 TN5250 infinite loops CVE-2014-8713 NCP crashes CVE-2014-8712 NCP crashes CVE-2014-8711 AMQP crash CVE-2014-8710 SigComp UDVM buffer overflow CVE-2014-6432 Sniffer file parser crash CVE-2014-6431 Sniffer file parser crash CVE-2014-6430 Sniffer file parser crash CVE-2014-6429 Sniffer file parser crash CVE-2014-6428 SES dissector crash CVE-2014-6423 MEGACO dissector infinite loop CVE-2014-6422 RTP dissector crash Since back-porting upstream patches to 1.2.11-6+squeeze15 did not fix all the outstanding issues and some issues are not even tracked publicly the LTS Team decided to sync squeeze-lts's wireshark package with wheezy-security to provide the best possible security support. Note that upgrading Wireshark from 1.2.x to 1.8.x introduces several backward-incompatible changes in package structure, shared library API/ABI, availability of dissectors and in syntax of command line parameters. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVN224AAoJEPZk0la0aRp9XboP/0VJygAKv91+16dBUkhqvR2Y R4DGPmJJP27zdXS8OMHFVfEBqeoLno9qQVqZGVCqW0TfU3RyHkQl0GX/ojRj+yy1 Z8dD+MbpUqNmgNelityjsiXmvNn42SK3Uvu9Ys6qOAWaAirrx3HiNPSRtvnQLq/Q kzB86dM+EdhDyqyHIKct/TPGIBExOebKQeBdZJOsGykIDSs/D3gpVLtnXhXGpuci f5+h8tal+yoFGA6nqmHsNMVEoHGZPHzPHATywiQhUcPrhBQAebLfpB0C831vkhD9 +7N451WA5r3pw9nI+psNARqKPg73GKKl+/pI/Mk3/MfSkU6WmtNx61yAG1uqWLKv vY8OyiprCToPznqWdASpfnLCjtOLw6g1LAkIZO+Se4n1I9v0Jwoi56WmCKEUoXBJ 7i/5W2XPzbfocEc2OVCVVqV99Ds5wM4uuZqwtO8TYZjxmWA71qcKknaTrjLX93DP +X4WVFXKhpDJG0E0lWXKoa5QBirstl6E9Up1jpMG/uh7WZmfBvLLqvCZbFYKkgBm 7hImI2UwYq+0vNmWXTp1zyvg4qFu74AgmgeLHoCWs1WReeC2PIYtqwg0ODZWvwsE CWybNhcz3zM+OC9Z+7XQgy0TqFCbr5g5L93ZdqTQlE9PBFm7LnTGMMnX2Oug/vG5 Q0EFsaK+lGkrIMa5AOsP =NQby -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/55376DB8.7010100@balintreczey.hu