SUSE-SU-2012:0576-1: moderate: Security update for wireshark
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Apr 30 19:08:15 MDT 2012
SUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0576-1
Rating: moderate
References: #754474 #754476 #754477
Cross-References: CVE-2012-1593 CVE-2012-1595 CVE-2012-1596
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now
available. It includes one version update.
Description:
This version upgrade of wireshark fixes the following
security vulnerabilities:
* The ANSI A dissector could dereference a NULL pointer
and crash. ( CVE-2012-1593
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1593
> )
* The pcap and pcap-ng file parsers could crash trying
to read ERF data. (CVE-2012-1595
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1595
> )
* The MP2T dissector could try to allocate too much
memory and crash. ( CVE-2012-1596
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1596
> )
Additionally, various other non-security bugs have been
fixed.
Indications:
Everyone using wireshark should update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-wireshark-6170
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-wireshark-6170
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-wireshark-6170
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-wireshark-6170
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-wireshark-6170
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-wireshark-6170
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-wireshark-6170
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:
wireshark-devel-1.4.12-0.3.2
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:
wireshark-devel-1.4.12-0.3.2
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.4.12]:
wireshark-1.4.12-0.3.2
References:
http://support.novell.com/security/cve/CVE-2012-1593.html
http://support.novell.com/security/cve/CVE-2012-1595.html
http://support.novell.com/security/cve/CVE-2012-1596.html
https://bugzilla.novell.com/754474
https://bugzilla.novell.com/754476
https://bugzilla.novell.com/754477
http://download.novell.com/patch/finder/?keywords=ed4618865c926eab6615eb507ae1ca53
More information about the sle-security-updates
mailing list