SUSE-SU-2013:0714-1: moderate: Security update for wireshark
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Apr 26 08:04:29 MDT 2013
SUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0714-1
Rating: moderate
References: #807942
Cross-References: CVE-2013-2475 CVE-2013-2476 CVE-2013-2477
CVE-2013-2478 CVE-2013-2479 CVE-2013-2480
CVE-2013-2481 CVE-2013-2482 CVE-2013-2483
CVE-2013-2484 CVE-2013-2485 CVE-2013-2486
CVE-2013-2487 CVE-2013-2488
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that fixes 14 vulnerabilities is now available.
It includes one version update.
Description:
wireshark has been updated to 1.8.6 which fixes bugs and
security issues:
Vulnerabilities fixed:
* The TCP dissector could crash. wnpa-sec-2013-10
CVE-2013-2475
* The HART/IP dissectory could go into an infinite
loop. wnpa-sec-2013-11 CVE-2013-2476
* The CSN.1 dissector could crash. wnpa-sec-2013-12
CVE-2013-2477
* The MS-MMS dissector could crash. wnpa-sec-2013-13
CVE-2013-2478
* The MPLS Echo dissector could go into an infinite
loop. wnpa-sec-2013-14 CVE-2013-2479
* The RTPS and RTPS2 dissectors could crash.
wnpa-sec-2013-15 CVE-2013-2480
* The Mount dissector could crash. wnpa-sec-2013-16
CVE-2013-2481
* The AMPQ dissector could go into an infinite loop.
wnpa-sec-2013-17 CVE-2013-2482
* The ACN dissector could attempt to divide by zero.
wnpa-sec-2013-18 CVE-2013-2483
* The CIMD dissector could crash. wnpa-sec-2013-19
CVE-2013-2484
* The FCSP dissector could go into an infinite loop.
wnpa-sec-2013-20 CVE-2013-2485
* The RELOAD dissector could go into an infinite loop.
wnpa-sec-2013-21 CVE-2013-2486 CVE-2013-2487
* The DTLS dissector could crash. wnpa-sec-2013-22
CVE-2013-2488
More information about further bug fixes and updated
protocol support are listed here:
http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
<http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
>
Security Issue references:
* CVE-2013-2475
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2475
>
* CVE-2013-2476
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2476
>
* CVE-2013-2477
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2477
>
* CVE-2013-2478
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2478
>
* CVE-2013-2479
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2479
>
* CVE-2013-2480
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2480
>
* CVE-2013-2481
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2481
>
* CVE-2013-2482
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2482
>
* CVE-2013-2483
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2483
>
* CVE-2013-2484
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2484
>
* CVE-2013-2485
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2485
>
* CVE-2013-2486
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2486
>
* CVE-2013-2487
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2487
>
* CVE-2013-2488
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2488
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-wireshark-7490
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-wireshark-7490
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-wireshark-7490
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-wireshark-7490
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.6]:
wireshark-devel-1.8.6-0.2.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.6]:
wireshark-1.8.6-0.2.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.6]:
wireshark-1.8.6-0.2.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.6]:
wireshark-1.8.6-0.2.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
wireshark-1.6.14-0.5.1
wireshark-devel-1.6.14-0.5.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.6]:
wireshark-1.8.6-0.2.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
wireshark-1.6.14-0.5.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
wireshark-devel-1.6.14-0.5.1
References:
http://support.novell.com/security/cve/CVE-2013-2475.html
http://support.novell.com/security/cve/CVE-2013-2476.html
http://support.novell.com/security/cve/CVE-2013-2477.html
http://support.novell.com/security/cve/CVE-2013-2478.html
http://support.novell.com/security/cve/CVE-2013-2479.html
http://support.novell.com/security/cve/CVE-2013-2480.html
http://support.novell.com/security/cve/CVE-2013-2481.html
http://support.novell.com/security/cve/CVE-2013-2482.html
http://support.novell.com/security/cve/CVE-2013-2483.html
http://support.novell.com/security/cve/CVE-2013-2484.html
http://support.novell.com/security/cve/CVE-2013-2485.html
http://support.novell.com/security/cve/CVE-2013-2486.html
http://support.novell.com/security/cve/CVE-2013-2487.html
http://support.novell.com/security/cve/CVE-2013-2488.html
https://bugzilla.novell.com/807942
http://download.novell.com/patch/finder/?keywords=3db4a4d24062a3721e7cba8ec8f8d3a4
http://download.novell.com/patch/finder/?keywords=60a3f6bd75943bedb717cfb3ac997f9a
More information about the sle-security-updates
mailing list