SUSE-SU-2012:0576-1: moderate: Security update for wireshark

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Apr 30 19:08:15 MDT 2012


   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0576-1
Rating:             moderate
References:         #754474 #754476 #754477 
Cross-References:   CVE-2012-1593 CVE-2012-1595 CVE-2012-1596
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:


   This version upgrade of wireshark fixes the following
   security  vulnerabilities:

   * The ANSI A dissector could dereference a NULL pointer
   and crash. ( CVE-2012-1593
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1593
   > )
   * The pcap and pcap-ng file parsers could crash trying
   to read ERF data. (CVE-2012-1595
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1595
   > )
   * The MP2T dissector could try to allocate too much
   memory and crash. ( CVE-2012-1596
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1596
   > )

   Additionally, various other non-security bugs have been
   fixed.

Indications:

   Everyone using wireshark should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-wireshark-6170

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-wireshark-6170

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-wireshark-6170

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-wireshark-6170

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-wireshark-6170

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-wireshark-6170

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-wireshark-6170

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-devel-1.4.12-0.3.2

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-devel-1.4.12-0.3.2

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2


References:

   http://support.novell.com/security/cve/CVE-2012-1593.html
   http://support.novell.com/security/cve/CVE-2012-1595.html
   http://support.novell.com/security/cve/CVE-2012-1596.html
   https://bugzilla.novell.com/754474
   https://bugzilla.novell.com/754476
   https://bugzilla.novell.com/754477
   http://download.novell.com/patch/finder/?keywords=ed4618865c926eab6615eb507ae1ca53



More information about the sle-security-updates mailing list