Re: CVE Request: wireshark releases

[Andreas Stieger <astieger () suse com>]

Hello,

On 06/08/2016 09:28 AM, Marcus Meissner wrote:
> Please assign CVEs to the current wireshark releases (if not done so).
>
> Wireshark 2.0.4
> https://www.wireshark.org/lists/wireshark-announce/201606/msg00000.html
>
> Wireshark 1.12.12
> https://www.wireshark.org/lists/wireshark-announce/201606/msg00001.html

Specifically:


https://www.wireshark.org/security/wnpa-sec-2016-29
<https://www.wireshark.org/security/wnpa-sec-2016-29.html>
SPOOLS infinite loop. Fixed in 2.0.4, 1.12.12.
https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b


https://www.wireshark.org/security/wnpa-sec-2016-30
<https://www.wireshark.org/security/wnpa-sec-2016-30.html>
IEEE 802.11 dissector crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4


https://www.wireshark.org/security/wnpa-sec-2016-31
<https://www.wireshark.org/security/wnpa-sec-2016-31.html>
IEEE 802.11 dissector crash, different from wpna-sec-2016-30. Fixed in
2.0.4.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185


https://www.wireshark.org/security/wnpa-sec-2016-32
<https://www.wireshark.org/security/wnpa-sec-2016-32.html>
UMTS FP crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4


https://www.wireshark.org/security/wnpa-sec-2016-33
<https://www.wireshark.org/security/wnpa-sec-2016-33.html>
USB dissector crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6


https://www.wireshark.org/security/wnpa-sec-2016-34
<https://www.wireshark.org/security/wnpa-sec-2016-34.html>
Toshiba file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b


https://www.wireshark.org/security/wnpa-sec-2016-35
<https://www.wireshark.org/security/wnpa-sec-2016-35.html>
CoSine file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500


https://www.wireshark.org/security/wnpa-sec-2016-36
<https://www.wireshark.org/security/wnpa-sec-2016-36.html>
NetScreen file parser crash. Fixed in 2.0.4, 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78


https://www.wireshark.org/security/wnpa-sec-2016-37
<https://www.wireshark.org/security/wnpa-sec-2016-37.html>
Ethernet dissector crash. Fixed in 2.0.4.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7


https://www.wireshark.org/security/wnpa-sec-2016-38
<https://www.wireshark.org/security/wnpa-sec-2016-38.html>
WBXML infinite loop. Fixed in 1.12.12.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0


Andreas

-- 
Andreas Stieger <astieger () suse com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)