oss-sec mailing list archives
CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 29 Nov 2012 13:07:14 -0500 (EST)
Hello Kurt, Steve, vendors,

Wireshark upstream has recently released v1.6.12 and v1.8.4 versions, correcting the following security issues:

* #1 pcap-ng hostname disclosure (wnpa-sec-2012-30)
  http://www.wireshark.org/security/wnpa-sec-2012-30.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881855

* #2 DoS (infinite loop) in the USB dissector (wnpa-sec-2012-31)
  http://www.wireshark.org/security/wnpa-sec-2012-31.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881822

* #3 DoS (infinite loop) in the sFlow dissector (wnpa-sec-2012-32)
  http://www.wireshark.org/security/wnpa-sec-2012-32.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881816

* #4 DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33)
  http://www.wireshark.org/security/wnpa-sec-2012-33.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881809

* #5 DoS (infinite loop) in the EIGRP dissector (wnpa-sec-2012-34)
  http://www.wireshark.org/security/wnpa-sec-2012-34.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881805

* #6 DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35)
  http://www.wireshark.org/security/wnpa-sec-2012-35.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881790

* #7 DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36)
  http://www.wireshark.org/security/wnpa-sec-2012-36.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881771

* #8 DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37)
  http://www.wireshark.org/security/wnpa-sec-2012-37.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881748

* #9 DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38)
  http://www.wireshark.org/security/wnpa-sec-2012-38.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881742

* #10 DoS (infinite loop) in the 3GPP2 A11 dissector (wnpa-sec-2012-39)
  http://www.wireshark.org/security/wnpa-sec-2012-39.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881706

* #11 DoS (infinite loop) in the ICMPv6 dissector (wnpa-sec-2012-40)
  http://www.wireshark.org/security/wnpa-sec-2012-40.html
  https://bugzilla.redhat.com/show_bug.cgi?id=881701

Other references:
  http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
  http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
  http://www.wireshark.org/security/
  https://bugs.gentoo.org/show_bug.cgi?id=445138
  https://bugs.mageia.org/show_bug.cgi?id=8239

Could you allocate CVE ids for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Particular Red Hat bugzilla entries contain further information (upstream bug, reproducer && patches where available).