oss-sec mailing list archives

CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 29 Nov 2012 13:07:14 -0500 (EST)

Hello Kurt, Steve, vendors,

  Wireshark upstream has recently released v1.6.12 and v1.8.4 versions,
correcting the following security issues:

* #1 pcap-ng hostname disclosure (wnpa-sec-2012-30)
http://www.wireshark.org/security/wnpa-sec-2012-30.html
https://bugzilla.redhat.com/show_bug.cgi?id=881855

* #2 DoS (infinite loop) in the USB dissector (wnpa-sec-2012-31)
http://www.wireshark.org/security/wnpa-sec-2012-31.html
https://bugzilla.redhat.com/show_bug.cgi?id=881822

* #3 DoS (infinite loop) in the sFlow dissector (wnpa-sec-2012-32)
http://www.wireshark.org/security/wnpa-sec-2012-32.html
https://bugzilla.redhat.com/show_bug.cgi?id=881816

* #4 DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33)
http://www.wireshark.org/security/wnpa-sec-2012-33.html
https://bugzilla.redhat.com/show_bug.cgi?id=881809

* #5 DoS (infinite loop) in the EIGRP dissector (wnpa-sec-2012-34)
http://www.wireshark.org/security/wnpa-sec-2012-34.html
https://bugzilla.redhat.com/show_bug.cgi?id=881805

* #6 DoS (crash) in the ISAKMP dissector (wnpa-sec-2012-35)
http://www.wireshark.org/security/wnpa-sec-2012-35.html
https://bugzilla.redhat.com/show_bug.cgi?id=881790

* #7 DoS (infinite loop) in the iSCSI dissector (wnpa-sec-2012-36)
http://www.wireshark.org/security/wnpa-sec-2012-36.html
https://bugzilla.redhat.com/show_bug.cgi?id=881771

* #8 DoS (infinite loop) in the WTP dissector (wnpa-sec-2012-37)
http://www.wireshark.org/security/wnpa-sec-2012-37.html
https://bugzilla.redhat.com/show_bug.cgi?id=881748

* #9 DoS (infinite loop) in the RTCP dissector (wnpa-sec-2012-38)
http://www.wireshark.org/security/wnpa-sec-2012-38.html
https://bugzilla.redhat.com/show_bug.cgi?id=881742

* #10 DoS (infinite loop) in the 3GPP2 A11 dissector (wnpa-sec-2012-39)
http://www.wireshark.org/security/wnpa-sec-2012-39.html
https://bugzilla.redhat.com/show_bug.cgi?id=881706

* #11 DoS (infinite loop) in the ICMPv6 dissector (wnpa-sec-2012-40)
http://www.wireshark.org/security/wnpa-sec-2012-40.html
https://bugzilla.redhat.com/show_bug.cgi?id=881701

Other references:
http://www.wireshark.org/docs/relnotes/wireshark-1.6.12.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
http://www.wireshark.org/security/
https://bugs.gentoo.org/show_bug.cgi?id=445138
https://bugs.mageia.org/show_bug.cgi?id=8239

Could you allocate CVE ids for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Particular Red Hat bugzilla entries contain further information
      (upstream bug, reproducer && patches where available).

