Mageia alert MGASA-2016-0091 (wireshark)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2016-0091: Updated wireshark packages fix security vulnerabilities 
Date:
    	       Wed, 2 Mar 2016 19:29:23 +0100
Message-ID:
    	       <20160302182923.7553A9F698@duvel.mageia.org>
MGASA-2016-0091 - Updated wireshark packages fix security vulnerabilities

Publication date: 02 Mar 2016
URL: http://advisories.mageia.org/MGASA-2016-0091.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2522,
     CVE-2016-2523,
     CVE-2016-2524,
     CVE-2016-2525,
     CVE-2016-2526,
     CVE-2016-2527,
     CVE-2016-2528,
     CVE-2016-2529,
     CVE-2016-2530,
     CVE-2016-2531,
     CVE-2016-2532

Description:
Updated wireshark packages fix security vulnerabilities:

ASN.1 BER dissector crash (CVE-2016-2522).

DNP dissector infinite loop (CVE-2016-2523).

X.509AF dissector crash (CVE-2016-2524).

HTTP/2 dissector crash (CVE-2016-2525).

HiQnet dissector crash (CVE-2016-2526).

3GPP TS 32.423 Trace file parser crash (CVE-2016-2527).

LBMC dissector crash (CVE-2016-2528).

iSeries file parser crash (CVE-2016-2529).

RSL dissector crash (CVE-2016-2530, CVE-2016-2531).

LLRP dissector crash (CVE-2016-2532).

The wireshark package has been updated to version 2.0.2, fixing these issues as
well as other dissector crashes, a dissector loop issue, another file parser
crash, and several other bugs.  See the upstream release notes for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=17848
- https://www.wireshark.org/security/wnpa-sec-2016-02.html
- https://www.wireshark.org/security/wnpa-sec-2016-03.html
- https://www.wireshark.org/security/wnpa-sec-2016-04.html
- https://www.wireshark.org/security/wnpa-sec-2016-05.html
- https://www.wireshark.org/security/wnpa-sec-2016-06.html
- https://www.wireshark.org/security/wnpa-sec-2016-07.html
- https://www.wireshark.org/security/wnpa-sec-2016-08.html
- https://www.wireshark.org/security/wnpa-sec-2016-09.html
- https://www.wireshark.org/security/wnpa-sec-2016-10.html
- https://www.wireshark.org/security/wnpa-sec-2016-11.html
- https://www.wireshark.org/security/wnpa-sec-2016-12.html
- https://www.wireshark.org/security/wnpa-sec-2016-13.html
- https://www.wireshark.org/security/wnpa-sec-2016-14.html
- https://www.wireshark.org/security/wnpa-sec-2016-15.html
- https://www.wireshark.org/security/wnpa-sec-2016-16.html
- https://www.wireshark.org/security/wnpa-sec-2016-17.html
- https://www.wireshark.org/security/wnpa-sec-2016-18.html
- https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html
- https://www.wireshark.org/news/20160226.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2522
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2523
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2524
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2525
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2526
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2527
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2528
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2529
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2530
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2531
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2532

SRPMS:
- 5/core/wireshark-2.0.2-1.mga5
From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2016-0091: Updated wireshark packages fix security vulnerabilities
Date:		Wed, 2 Mar 2016 19:29:23 +0100
Message-ID:		<20160302182923.7553A9F698@duvel.mageia.org>