[SECURITY] Fedora 18 Update: wireshark-1.8.2-1.fc18

updates at fedoraproject.org updates at fedoraproject.org
Mon Sep 17 22:53:33 UTC 2012

Fedora Update Notification
2012-08-16 16:48:42

Name        : wireshark
Product     : Fedora 18
Version     : 1.8.2
Release     : 1.fc18
URL         : http://www.wireshark.org/
Summary     : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK+ package.

Update Information:

Upgrade to wireshark 1.8.2

The following vulnerabilities have been fixed.

wnpa-sec-2012-13:The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-14: The MongoDB dissector could go into a large loop.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-16: The ERF dissector could overflow a buffer.
wnpa-sec-2012-17: AFP dissector could go into a large loop.
wnpa-sec-2012-18: RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-19: GSM RLC MAC dissector could overflow a buffer.
wnpa-sec-2012-20: CIP dissector could exhaust system memory.
wnpa-sec-2012-21: STUN dissector could crash.
wnpa-sec-2012-22: EtherCAT Mailbox dissector could abort.
wnpa-sec-2012-23: CTDB dissector could go into a large loop.
wnpa-sec-2012-24: pcap-ng file parser could trigger a zero division.
wnpa-sec-2012-25: Ixia IxVeriWave file parser could overflow a buffer.

See http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html for details.

  [ 1 ] Bug #848544 - CVE-2012-4287 wireshark: DoS via excessive CPU consumption in MongoDB dissector (wnpa-sec-2012-14)
  [ 2 ] Bug #848554 - CVE-2012-4294 CVE-2012-4295 wireshark: buffer overflow in ERF dissector (wnpa-sec-2012-16)
  [ 3 ] Bug #848584 - CVE-2012-4286 wireshark: crash due to zero division in pcnap-ng file parser (wnpa-sec-2012-24)
  [ 4 ] Bug #848588 - CVE-2012-4298 wireshark: buffer overflow in Ixia IxVeriWave file parser (wnpa-sec-2012-25)

This update can be installed with the "yum" update program.  Use 
su -c 'yum update wireshark' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list