[SECURITY] Fedora 18 Update: wireshark-1.8.2-1.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Mon Sep 17 22:53:33 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11981
2012-08-16 16:48:42
--------------------------------------------------------------------------------
Name : wireshark
Product : Fedora 18
Version : 1.8.2
Release : 1.fc18
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK+ package.
--------------------------------------------------------------------------------
Update Information:
Upgrade to wireshark 1.8.2
The following vulnerabilities have been fixed.
wnpa-sec-2012-13:The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-14: The MongoDB dissector could go into a large loop.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-16: The ERF dissector could overflow a buffer.
wnpa-sec-2012-17: AFP dissector could go into a large loop.
wnpa-sec-2012-18: RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-19: GSM RLC MAC dissector could overflow a buffer.
wnpa-sec-2012-20: CIP dissector could exhaust system memory.
wnpa-sec-2012-21: STUN dissector could crash.
wnpa-sec-2012-22: EtherCAT Mailbox dissector could abort.
wnpa-sec-2012-23: CTDB dissector could go into a large loop.
wnpa-sec-2012-24: pcap-ng file parser could trigger a zero division.
wnpa-sec-2012-25: Ixia IxVeriWave file parser could overflow a buffer.
See http://www.wireshark.org/docs/relnotes/wireshark-1.8.2.html for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #848544 - CVE-2012-4287 wireshark: DoS via excessive CPU consumption in MongoDB dissector (wnpa-sec-2012-14)
https://bugzilla.redhat.com/show_bug.cgi?id=848544
[ 2 ] Bug #848554 - CVE-2012-4294 CVE-2012-4295 wireshark: buffer overflow in ERF dissector (wnpa-sec-2012-16)
https://bugzilla.redhat.com/show_bug.cgi?id=848554
[ 3 ] Bug #848584 - CVE-2012-4286 wireshark: crash due to zero division in pcnap-ng file parser (wnpa-sec-2012-24)
https://bugzilla.redhat.com/show_bug.cgi?id=848584
[ 4 ] Bug #848588 - CVE-2012-4298 wireshark: buffer overflow in Ixia IxVeriWave file parser (wnpa-sec-2012-25)
https://bugzilla.redhat.com/show_bug.cgi?id=848588
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update wireshark' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list